This was quite a subtle bug which accidentally showed up with glyph
`afii10023' of arial.ttf (version 2.76). This glyph is a composite;
the first component, `E', has an advance width of 1366 font units,
while the advance width of the composite itself (which looks like
uppercase `E' with dieresis) is 1367 font units. I think this is
actually a bug in the font itself, because there is no reason that
this glyph has not the same width as uppercase `E' without the
dieresis. Anyway, it helped identify this problem.
Using the TrueType hinter, the correct value (1367) of `afii10023'
was returned, but the autohinter mysteriously returned 1366.
Digging in the code showed that the autohinter recursively calls
FT_Load_Glyph to load the glyph, adding the FT_LOAD_NO_SCALE load
flag. However, the `linearHoriAdvance' field is still returned as a
scaled value. To avoid scaling twice, the old code in autofit reset
`linearHoriAdvance', using the `horiAdvance' field. This seemed to
work since FT_LOAD_NO_SCALE was in use, but it failed actually,
because `horiAdvance' is defined as the distance of the first
subglyph's phantom points, which in turn are initialized using the
advance width of the first subglyph. And as the given example
shows, these widths can differ.
* src/autofit/afloader.c (af_loader_load_g): Temporarily set
FT_LOAD_LINEAR_DESIGN while calling FT_Load_Glyph to get unscaled
values for the linear advance widths.
* src/truetype/ttinterp.c (DO_SSW): SSW *does* use font units. For
verification, it took some time to find a font which actually uses
this instruction.
For some divisions, we use casts to 32bit entities. Always guard
against division by zero with these casts also.
* src/base/ftcalc.c (ft_div64by32): Remove redundant cast.
(FT_MulDiv, FT_MulDiv_No_Round): Add 32bit cast.
(FT_DivFix): Add 32bit cast (this omission triggered the bug).
* src/psaux/afmparse.c (afm_parse_track_kern): Don't inverse sign
for `min_kern'. It is indeed quite common that track kerning
*increases* spacing for very small sizes.
If in function `skip_spaces' the routine `skip_comment' comes to the
end of buffer, `cur' is still increased by one, so we need to check
for `p >= limit' and not `p == limit'.
* src/psaux/psconv.c (PS_Conv_Strtol, PS_Conv_ToFixed,
PS_Conv_ASCIIHexDecode, PS_Conv_EexecDecode): Fix boundary checking.
* src/truetype/ttinterp.c (Ins_MIRP): Typo, present since ages. The
code is now in sync with the other operators (e.g. MSIRP) which
modify twilight points.
* src/bdf/bdflib.c (_bdf_list_ensure): Bring code in sync with
comment before `_bdf_list_split', this is, really allocate at least
five `field' elements.
* src/bdf/bdflib.c (_bdf_parse_glyphs) <DWIDTH, BBX>: Abort if
_BDF_ENCODING isn't set. We need this because access to the `glyph'
variable might be undefined otherwise.
* src/smooth/ftsmooth.c (ft_smooth_render_generic): Use `FT_Pos'
instead of `FT_UInt' for some variables and update comparisons
accordingly. A detailed analysis can be found in the bug report.
* src/type1/t1load.c (parse_subrs): Add proper guards for `strncmp'.
* src/psaux/psobjs.c (ps_parser_skip_PS_token): Emit error message
only if cur < limit.
Jump instructions are now bound to the current function. The MS
Windows rasterizer behaves the same, as confirmed by Greg Hitchcock.
* src/truetype/ttinterp.h (TT_CallRec): Add `Cur_End' element.
* src/truetype/ttobjs.h (TT_DefRecord): Add `end' element.
* src/truetype/ttinterp.c (DO_JROT, DO_JMPR, DO_JROF): Check upper
bound of jump address.
(Ins_FDEF, Ins_CALL, Ins_LOOPCALL, Ins_UNKNOWN, TT_RunIns): Updated.
* include/freetype/internal/ftobjs.h (FT_ModuleRec, FT_LibraryRec):
Remove `generic' field since users can't access it.
* src/base/ftobjs.c (FT_Done_GlyphSlot): Call `generic.finalizer' as
advertised in the documentation of FT_Generic.
(Destroy_Module, FT_Done_Library): Updated to changes in `ftobjs.h'.
Patch submitted by anonymous reporter.
* src/gxvalid/gxvcommn.c (gxv_XStateTable_subtable_setup):
gxv_set_length_by_ulong_offset() must be called with 3, not 4,
the number of the subtables in the state tables; classTable,
stateArray, entryTable.
Based on the patch provided by Erik Dahlstrom <ed@opera.com>,
http://lists.gnu.org/archive/html/freetype-devel/2012-01/msg00010.html
Also `raccess_guess_table[]' and `raccess_rule_by_darwin_vfs()'
are renamed with `ft_' suffixes.
* src/base/ftbase.h: `raccess_rule_by_darwin_vfs()' is renamed
to `ft_raccess_rule_by_darwin_vfs()'.
* src/base/ftobjs.c: Ditto.
* src/base/ftrfork.c: Declarations of FT_RFork_Rule,
raccess_guess_rec, are moved to...
* include/freetype/internal/ftrfork.h: Here.
* include/freetype/internal/ftrfork.h:
FT_RFORK_RULE_ARRAY_{BEGIN,ENTRY,END} macros are defined
to replace raccess_guess_table[] in both of PIC and non-PIC
modes.
* src/base/ftrfork.c: raccess_guess_table[] array is rewritten
by FT_RFORK_RULE_ARRAY_{BEGIN,ENTRY,END}.
* src/base/basepic.h (BasePIC): Add `ft_raccess_guess_table'
storage. (FT_RACCESS_GUESS_TABLE_GET): New macro to retrieve
the function pointer from `ft_raccess_guess_table' storage in
`BasePIC' structure.
* src/base/ftrfork.c (FT_Raccess_Guess): Rewritten with
FT_RACCESS_GUESS_TABLE_GET.
(raccess_get_rule_type_from_rule_index): Add `library' as the
first argument to the function, to retrieve the storage of
`ft_raccess_guess_table' from it. Also `raccess_guess_table'
is replaced by FT_RACCESS_GUESS_TABLE_GET.
(ft_raccess_rule_by_darwin_vfs): Ditto.