Problem reported by Hin-Tak Leung <htl10@users.sourceforge.net>; see
http://lists.nongnu.org/archive/html/freetype-devel/2013-08/msg00005.html
for details.
* src/base/ftobjs.c (FT_Load_Glyph): Check size of `fpgm' and `prep'
tables also for setting `autohint'.
* src/truetype/ttgload.c (TT_Load_Simple_Glyph): Use code from
`TT_Process_Composite_Glyph' for handling unreliable values of
`maxSizeOfInstructions'.
We simply synthesize a SFNT from the WOFF, create a memory stream
for the new data, and load the SFNT as usual.
Does NOT add any API to access WOFF metadata or private blocks.
* include/freetype/internal/tttypes.h (WOFF_HeaderRec,
WOFF_TableRec): New structures.
* include/freetype/tttags.h (TTAG_wOFF): New macro.
* src/base/ftobjs.c (FT_Open_Face): Set `stream' after calling
`open_face'.
* src/sfnt/sfobjs.c [FT_CONFIG_OPTION_SYSTEM_ZLIB]: Include
`FT_GZIP_H'.
(WRITE_BYTE, WRITE_USHORT, WRITE_ULONG): New temporary macros for
writing to a stream.
(sfnt_stream_close, compare_offsets, woff_open_font): New functions.
(sfnt_open_font): Handle `TTAG_wOFF'.
(sfnt_init_face): Set `stream' after calling `sfnt_open_font'.
* src/truetype/ttobjs.c (tt_face_init): Set `stream' after calling
`sfnt->init_face'.
* src/base/ftobjs.c (open_face): Use a pointer to FT_Stream as an
argument so that a changed stream survives.
Update callers.
If the font's `clazz->init_face' function wants to swap to new
stream, handling of whether original stream was external could
result to either memory leak or double free. Mark externality into
face flags before calling `init_face' such that the clazz can handle
external streams properly.
* src/base/ftobjs.c (FT_Open_Face): Move code to set
FT_FACE_FLAG_EXTERNAL_STREAM to...
(open_face): This function.
If memory allocations fail at certain points while opening a font,
FreeType can either crash due to a NULL dereference or leak memory.
* include/freetype/internal/ftobjs.c (FT_Face_InternalRec,
FT_LibraryRec): Make `refcount' a signed integer. If, for example,
FT_Open_Face() fails in a memory allocation before the face's
reference count is set to 1, a subsequent `FT_Done_Library' call
would otherwise loop over `FT_Done_Face' 2^32 times before freeing
the face.
* src/base/ftobjs.c (open_face): Initialize `stream' and friends
earlier.
(FT_Open_Face) <Fail>: Behave correctly if `node' is NULL.
(FT_Destroy_Module) <Fail>: Check that `renderer_clazz' is valid.
* include/freetype/internal/ftdebug.h: Remove pragmas.
* include/freetype/internal/ftserv.h: Use push and pop for pragmas.
* include/freetype/internal/ftvalid.h: Handle warning C4324.
* src/base/ftobjs.c: Use push and pop for pragmas.
* src/gzip/ftgzip.c: Handle warning C4244.
* src/base/ftobjs.c: Fix typo in MS pragma.
* src/base/bdflib.c (_bdf_set_default_spacing, _bdf_add_property):
`lineno' is only used in debug mode.
* src/cff/cf2ft.c (cf2_builder_moveTo): `params' is only used in
debug mode.
Use `FT2_DEBUG=bitmap:3' for tracing.
* src/base/md5.c, src/base/md5.h: New files, taken from
http://openwall.info/wiki/people/solar/software/public-domain-source-code/md5
* include/freetype/internal/fttrace.h: Add `bitmap'.
* src/base/ftobjs.c [FT_DEBUG_LEVEL_TRACE]: Include `md5.c'
(FT_Render_Glyph_Internal) [FT_DEBUG_LEVEL_TRACE]: For tracing,
convert resulting bitmap to a uniform format and compute a checksum.
Use `bitmap' category for the tracing message.
* src/base/rules.mk (BASE_H): Updated.
* docs/LICENSE.TXT: Updated.
This is essentially a mechanical conversion, adding inclusion of
`FT_INTERNAL_DEBUG_H' where necessary, and providing the macros for
stand-alone compiling modes of the rasterizer modules.
To convert the remaining occurrences of FT_Err_XXX and friends it is
necessary to rewrite the code. Note, however, that it doesn't harm
if some cases are not handled since FT_THROW is a no-op.
* include/freetype/fterrdef.h (FT_Err_Missing_Property): New error
code.
* include/freetype/ftmodapi.h (FT_Property_Set, FT_Property_Get):
New API.
* include/freetype/internal/services/svprop.h: New file.
* include/freetype/internal/ftserv.h (FT_SERVICE_PROPERTIES_H): New
macro.
* src/base/ftobjs.c: Include FT_SERVICE_PROPERTIES_H.
(ft_property_do, FT_Property_Set, FT_Property_Get): New functions.
* include/freetype/internal/ftobjs.h (FT_ModuleRec, FT_LibraryRec):
Remove `generic' field since users can't access it.
* src/base/ftobjs.c (FT_Done_GlyphSlot): Call `generic.finalizer' as
advertised in the documentation of FT_Generic.
(Destroy_Module, FT_Done_Library): Updated to changes in `ftobjs.h'.
Based on the patch provided by Erik Dahlstrom <ed@opera.com>,
http://lists.gnu.org/archive/html/freetype-devel/2012-01/msg00010.html
Also `raccess_guess_table[]' and `raccess_rule_by_darwin_vfs()'
are renamed with `ft_' suffixes.
* src/base/ftbase.h: `raccess_rule_by_darwin_vfs()' is renamed
to `ft_raccess_rule_by_darwin_vfs()'.
* src/base/ftobjs.c: Ditto.
* src/base/ftrfork.c: Declarations of FT_RFork_Rule,
raccess_guess_rec, are moved to...
* include/freetype/internal/ftrfork.h: Here.
* include/freetype/internal/ftrfork.h:
FT_RFORK_RULE_ARRAY_{BEGIN,ENTRY,END} macros are defined
to replace raccess_guess_table[] in both of PIC and non-PIC
modes.
* src/base/ftrfork.c: raccess_guess_table[] array is rewritten
by FT_RFORK_RULE_ARRAY_{BEGIN,ENTRY,END}.
* src/base/basepic.h (BasePIC): Add `ft_raccess_guess_table'
storage. (FT_RACCESS_GUESS_TABLE_GET): New macro to retrieve
the function pointer from `ft_raccess_guess_table' storage in
`BasePIC' structure.
* src/base/ftrfork.c (FT_Raccess_Guess): Rewritten with
FT_RACCESS_GUESS_TABLE_GET.
(raccess_get_rule_type_from_rule_index): Add `library' as the
first argument to the function, to retrieve the storage of
`ft_raccess_guess_table' from it. Also `raccess_guess_table'
is replaced by FT_RACCESS_GUESS_TABLE_GET.
(ft_raccess_rule_by_darwin_vfs): Ditto.
Originally FT_MACINTOSH was a pure auto macro and DARWIN_NO_CARBON
was a configurable macro to disable Carbon-dependent code. Because
now configure script sets DARWIN_NO_CARBON by default and disables
Darwin & Carbon-dependent codes, these macros can be unified.
FT_MACINTOSH (undefined by default) is kept and DARWIN_NO_CARBON
(defined by default) is removed, because DARWIN_NO_CARBON violates
FT_XXX naming convention of public macros, and a macro configured by
default is not portable for the building without configure (e.g.
make devel).
* builds/unix/configure.raw: Define FT_MACINTOSH if Carbon-based
old Mac font support is requested and Carbon is available.
* builds/unix/ftconfig.in: Undefine FT_MACINTOSH when the support
for Mac OS X without Carbon (e.g. Mac OS X 10.4 for ppc64) is
requested.
* include/freetype/config/ftconfig.in: Ditto.
* builds/vms/ftconfig.h: Ditto.
* src/base/ftbase.h: Remove DARWIN_NO_CARBON.
* src/base/ftbase.c: Ditto.
* src/base/ftobjs.c: Ditto.
* src/base/ftrfork.c: Ditto.
* src/base/ftmac.c: Compile the body if FT_MACINTOSH is defined
(same with TT_USE_BYTECODE_INTERPRETER in ttinterp.c).
* builds/mac/ftmac.c: Ditto.
* builds/mac/FreeType.m68k_cfm.make.txt: Define FT_MACINTOSH.
* builds/mac/FreeType.m68k_far.make.txt: Ditto.
* builds/mac/FreeType.ppc_classic.make.txt: Ditto.
* builds/mac/FreeType.ppc_carbon.make.txt: Ditto.
Passing uninitialized pointer to the buffer allocator is
not problematic theoretically (as far as the returned
pointer is checked before writing), but g++4.6 dislikes
it and warns by -Wuninitialized. Initialize them by NULL.
* src/base/ftobjs.c (FT_Stream_New): Init `stream'.
(new_memory_stream): Ditto.
(FT_New_GlyphSlot): Init `slot'.
(FT_CMap_New): Init `cmap'.
(open_face_PS_from_sfnt_stream): Init `sfnt_ps'.
(Mac_Read_POST_Resource): Init `pfb_data'.
(Mac_Read_sfnt_Resource): Init `sfnt_data'.
* src/base/ftrfork.c (FT_Raccess_Get_DataOffsets):
Init `offsets_internal' and `ref'.
(raccess_guess_darwin_hfsplus): Init `newpath'.
(raccess_guess_darwin_newvfs): Ditto.
* src/base/ftbitmap.c (ft_bitmap_assure_buffer):
Init `buffer'.
* src/base/ftstroke.c (FT_Stroker_New): Init `stroker'.
Since 2010-07-04, find_variant_selector_charmap() returns
the first cmap subtable always under rogue-compatible
configuration, it causes NULL pointer dereference and
make UVS-related functions crashed.
* src/base/ftobjs.c (Fix find_variant_selector_charmap):
Returns UVS cmap correctly.
UVS supporting functions assume the variation handler functions
are valid. When a font without cmap format 14 is given, these
function pointers are left as NULL, so calling these functions
causes NULL pointer dereference.
* src/base/ftobjs.c (FT_Face_GetCharVariantIndex): Check the pointer
FT_CMap_Class->char_var_index before calling it.
(FT_Face_GetCharVariantIsDefault): Check the pointer
FT_CMap_Class->char_var_default before calling it.
(FT_Face_GetVariantSelectors): Check the pointer
FT_CMap_Class->variant_list before calling it.
(FT_Face_GetVariantsOfChar): Check the pointer
FT_CMap_Class->charvariant_list before calling it.
(FT_Face_GetCharsOfVariant): Check the pointer
FT_CMap_Class->variantchar_list before calling it.
When a resource fork access rule by Darwin VFS could open the
resource fork but no font is found in it, the rest of rules
by Darwin VFS are skipped. It reduces the warnings of the
deprecated resource fork access method by recent Darwin kernel.
Fix MacPorts ticket #18859:
http://trac.macports.org/ticket/18859
* src/base/ftobjs.c (load_face_in_embedded_rfork):
When FT_Stream_New() returns FT_Err_Cannot_Open_Stream, it
means that the file is possible to be fopen()-ed but zero-sized.
Also there is a case that the resource fork is not zero-sized,
but no supported font exists in it. If a rule by Darwin VFS
falls into such cases, there is no need to try other Darwin VFS
rules anymore. Such cases are marked by vfs_rfork_has_no_font.
If it is TRUE, the Darwin VFS rules are skipped.
* src/base/ftobjs.c (FT_Done_Library): Specify the order of font
drivers in face closing process. Type42 faces should be closed
before TrueType faces, because a Type42 face refers another
internal TrueType face which is created from sfnt[] array on the
memory.
Fix for Savannah bug #30059.
* src/cache/ftccmap.c (FTC_CMapCache_Lookup): Replace `16' the
minimum character code passed by a legacy rogue client by...
* include/freetype/config/ftoption.h (FT_MAX_CHARMAP_CACHEABLE):
This. It is undefined when FT_CONFIG_OPTION_OLD_INTERNALS is
undefined (thus the rogue client compatibility is not required).
* src/cff/cffobjs.c (cff_face_init): Abort the automatic
selection or synthesis of Unicode cmap subtable when the charmap
index exceeds FT_MAX_CHARMAP_CACHEABLE.
* src/sfnt/ttcmap.c (tt_face_build_cmaps): Issue error message
when the charmap index exceeds FT_MAX_CHARMAP_CACHEABLE.
* src/base/ftobjs.c (find_unicode_charmap): When Unicode charmap
is found after FT_MAX_CHARMAP_CACHEABLE, ignore it and search
earlier one.
(find_variant_selector_charmap): When UVS charmap is found after
FT_MAX_CHARMAP_CACHEABLE, ignore it and search earlier one.
(FT_Select_Charmap): When a charmap matching with requested
encoding but after FT_MAX_CHARMAP_CACHEABLE, ignore and search
earlier one.
(FT_Set_Charmap): When a charmap matching with requested
charmap but after FT_MAX_CHARMAP_CACHEABLE, ignore and search
earlier one.
(FT_Get_Charmap_Index): When a requested charmap is found
after FT_MAX_CHARMAP_CACHEABLE, return the inverted charmap
index.
* src/base/ftobjs.c (Mac_Read_POST_Resource): If the type
of the POST fragment is 0, the segment is completely ignored.
The declared length of the segment is not cared at all.
According to Adobe Technical Note 5040, type 0 segment is
comment only and should not be loaded for the interpreter.
Reported by Robert Swiecki.
* src/base/ftobjs.c (Mac_Read_POST_Resource): Check `rlen'
the length of fragment declared in the POST fragment header
and prevent an underflow in length calculation. Some fonts
set the length to zero in spite of the exist of following
16bit `type'. Reported by Robert Swiecki.
