* src/truetype/ttinterp.c (DO_SSW): SSW *does* use font units. For
verification, it took some time to find a font which actually uses
this instruction.
* src/truetype/ttinterp.c (Ins_MIRP): Typo, present since ages. The
code is now in sync with the other operators (e.g. MSIRP) which
modify twilight points.
Jump instructions are now bound to the current function. The MS
Windows rasterizer behaves the same, as confirmed by Greg Hitchcock.
* src/truetype/ttinterp.h (TT_CallRec): Add `Cur_End' element.
* src/truetype/ttobjs.h (TT_DefRecord): Add `end' element.
* src/truetype/ttinterp.c (DO_JROT, DO_JMPR, DO_JROF): Check upper
bound of jump address.
(Ins_FDEF, Ins_CALL, Ins_LOOPCALL, Ins_UNKNOWN, TT_RunIns): Updated.
* src/truetype/interp.c: Set even more TT_Err_Invalid_Reference
error codes only if pedantic hinting is active. At the same time,
try to provide sane values which hopefully allow useful
continuation. Exception to this is CALL and LOOPCALL – due to
possible stack corruption it is necessary to bail out.
* src/truetype/ttinterp.c (TT_RunIns, Ins_FLIPPT, Ins_DELTAP,
Ins_DELTAC): Exit with error only if `pedantic_hinting' is set.
Otherwise, try to do something sane.
Thanks to Greg Hitchcock who explained the issue.
* src/truetype/ttinterp.c (Ins_MIRP): Replace a `>=' operator with
`>' since the description in the specification is incorrect.
This fixes, for example, glyph `two' in font `Helvetica Neue LT Com
65 medium' at 15ppem.
On LLP64 platforms (e.g. Win64), long (32-bit) cannot cover
the memory address (64-bit). Also the casts from the pointer
type to long int should be removed to preserve the address
correctly.
* src/raster/ftraster.c (New_Profile): Replace "%lx" by "%p".
(End_Profile) Ditto.
* src/truetype/ttinterp.c (Init_Context): Ditto.
* src/truetype/ttinterp.c (free_buffer_in_size): Don't duplicate
FT_GlyphZoneRec size->twilight to be freed. If duplicated,
FT_FREE() erases the duplicated pointers only and leave original
pointers. They can cause the double-free crash when the burst
errors occur in TrueType interpreter and free_buffer_in_size()
is invoked repeatedly. See Savannah bug #31040 for detail.
* src/truetype/ttinterp.c (TT_RunIns): Decrease the trace level
showing the error when the interpreter returns with an error,
from FT_TRACE7() to FT_TRACE1().
* src/truetype/ttinterp.c (free_buffer_in_size): New function to
free the buffer allocated during the interpretation of this glyph.
(TT_RunIns): Unset FT_Face->size->{cvt_ready,bytecode_ready} if
an error occurs in the bytecode interpretation. The interpretation
of invalid bytecode may break the function definitions and referring
them in later interpretation is danger. By unsetting these flags,
`fpgm' and `prep' tables are executed again in next interpretation.
Fix Savannah bug #30798, reported by Robert Swiecki.
* src/truetype/ttinterp.c (BOUNDSL): New macro.
Change `BOUNDS' to `BOUNDSL' where appropriate.
* src/truetype/ttinterp.h (TT_ExecContextRec): Fix type of
`cvtSize'.
Acroread does the same.
* src/truetype/ttgload.c (TT_Process_Composite_Glyph): Call
`Update_Max' to adjust size of instructions array if necessary and
add a rough safety check.
(load_truetype_glyph): Save `loader->byte_len' before recursive
call.
* src/truetype/ttinterp.h, src/truetype/ttinterp.c (Update_Max):
Declare it as FT_LOCAL.
* src/raster/ftraster.c (Render_Glyph, Render_Gray_Glyph,
Draw_Sweep): No-dropout mode is value 2, not value 0.
(Draw_Sweep): Really skip dropout handling for no-dropout mode.
Pass dropout rules from the TT bytecode interpreter to the
rasterizer; temporarily this is enabled only if
`USE_SCAN_CONVERSION_RULES' is defined.
* include/freetype/ftimage.h (FT_OUTLINE_SMART_DROPOUTS,
FT_OUTLINE_EXCLUDE_STUBS): New flags for for FT_Outline.
* src/raster/ftraster.c (Vertical_Sweep_Drop, Horizontal_Sweep_Drop,
Horizontal_Gray_Sweep_Drop): Use same mode numbers as given in the
OpenType specification.
Fix mode 4 computation.
(Render_Glyph, Render_Gray_Glyph): Handle new outline flags.
* src/truetype/ttgload.c (TT_Load_Glyph)
[USE_SCAN_CONVERSION_RULES]: Convert scan conversion mode to
FT_OUTLINE_XXX flags.
* src/truetype/ttinterp.c (Ins_SCANCTRL): Enable ppem check.
