The goal is to avoid integer overflows in the rendering algorithms.
The limit is chosen arbitrarily at some 2^18 pixels, which should be
enough for modern devices including printers.
* src/base/ftoutln.c (FT_Outline_Render): Check CBox and reject
enormous outlines.
* src/base/ftlcdfil.c (FT_Library_SetLcdFilterWeights): Enable filter
in addition to setting weights.
(FT_Library_SetLcdFilter): Clean out FT_FORCE_LIGHT_LCD_FILTER and
FT_FORCE_LEGACY_LCD_FILTER.
* include/freetype/ftlcdfil.h: Documentation update.
* src/base/fthash.c (hash_num_lookup, hash_num_compare): New
functions.
(ft_hash_init): Add argument to select between number and string
hashing.
(ft_hash_num_insert, ft_hash_num_lookup): New functions.
* include/freetype/internal/fthash.h: Updated.
* src/bdf/bdflib.c (_bdf_parse_start): Updated.
* include/freetype/internal/fthash.c (FT_Hash_LookupFunc,
FT_Hash_CompareFunc, FT_Hash_FreeFunc): New typedefs.
(FT_HashRec): Add `lookup', `compare', and `free' fields.
* src/base/fthash.c (hash_str_lookup, hash_str_compare,
hash_str_free): New functions.
(ft_hash_init): Set function pointers.
(hash_bucket, ft_hash_free): Use them.
We want to support both an integer and a string key later on.
* include/freetype/internal/fthash.h (FT_Hashkey): New union.
(FT_HashnodeRec): Updated.
(ft_hash_insert, ft_hash_lookup): Renamed to ...
(ft_hash_str_insert, ft_hash_str_lookup): ... this.
* src/base/fthash.c (hash_bucket): Updated.
(ft_hash_insert, ft_hash_lookup): Renamed to ...
(hash_insert, hash_lookup): ... this.
(ft_hash_str_insert, ft_hash_str_lookup): New wrapper functions.
* src/bdf/bdflib.c: Updated.
* src/base/ftobjs.c (open_face_PS_from_sfnt_stream):
`ft_lookup_PS_in_sfnt_stream' returns offset and and length from
user supplied data. Use of this these values must be checked.
This does the same as `FT_LCD_FILTER_LEGACY'.
See
https://bugs.freedesktop.org/show_bug.cgi?id=92981
for the reasoning.
* include/freetype/ftlcdfil.h (FT_LcdFilter): New value
`FT_LCD_FILTER_LEGACY1'.
* src/base/ftlcdfil.c (FT_Library_SetLcdFilter): Use it.
Both the native CFF hinter and the auto-hinter now have a very
similar rendering style.
* include/freetype/freetype.h: Mention that FT_LOAD_TARGET_LIGHT no
longer implies FT_LOAD_FORCE_AUTOHINT.
* include/freetype/ftmodapi.h (FT_MODULE_DRIVER_HINTS_LIGHTLY): New
macro.
* include/freetype/internal/ftobjs.h (FT_DRIVER_HINTS_LIGHTLY): New
macro.
* src/cff/cffdrivr.c (cff_driver_class): Use it.
* src/base/ftobjs.c (FT_Load_Glyph): Update auto-hinter selection
logic.
open_face_from_buffer() frees passed buffer if valid font
is not found. But if copying to the buffer is failed,
the allocated buffer should be freed within the caller.
* src/base/ftobjs.c (open_face_PS_from_sfnt_stream): Free
the buffer `sfnt_ps' if an error caused before calling
open_face_from_buffer().
(Mac_Read_sfnt_Resource): Free the buffer `sfnt_data' if
an error caused before calling open_face_from_buffer();
* src/base/ftobjs.c (FT_Get_Char_Index): Don't return out-of-bounds
glyph indices.
(FT_Get_First_Char): Updated.
* src/sfnt/ttcmap.c (tt_cmap6_char_next): Don't return character
codes greater than 0xFFFF.
(tt_cmap8_char_index): Avoid integer overflow in computation of
glyph index.
(tt_cmap8_char_next): Avoid integer overflows in computation of
both next character code and glyph index.
(tt_cmap10_char_index): Fix unsigned integer logic.
(tt_cmap10_char_next): Avoid integer overflow in computation of
next character code.
(tt_cmap12_next): Avoid integer overflows in computation of both
next character code and glyph index.
(tt_cmap12_char_map_binary): Ditto.
(tt_cmap12_char_next): Simplify.
(tt_cmap13_char_map_binary): Avoid integer overflow in computation
of next character code.
(tt_cmap13_char_next): Simplify.
* src/base/ftbase.h (FT_MAC_RFORK_MAX_LEN): Maximum length
of the resource fork for Mac OS. The resource fork larger
than 16 MB can be written but could not be handled
correctly, at least in Carbon routine.
See https://support.microsoft.com/en-us/kb/130437
* src/base/ftobjs.c (Mac_Read_POST_Resource): No need `0x'
for `%p' formatter.
* src/base/ftbase.c (Mac_Read_POST_Resource): Check the
fragment and total size of the concatenated POST resource
before buffer allocation.
(Mac_Read_sfnt_Resource): Check the declared size of
sfnt resource before buffer allocation.
* src/base/ftmac.c (read_lwfn, FT_New_Face_From_SFNT):
Check the total resource size before buffer allocation.
