The goal is to avoid integer overflows in the rendering algorithms.
The limit is chosen arbitrarily at some 2^18 pixels, which should be
enough for modern devices including printers.
* src/base/ftoutln.c (FT_Outline_Render): Check CBox and reject
enormous outlines.
* src/base/ftrfork.c (FT_Raccess_Get_HeaderInfo): Only accept
positive values from header.
Check overflow.
* src/base/ftoutln.c (SCALED): Correctly handle left-shift of
negative values.
* src/bdf/bdf.h (_bdf_glyph_modified, _bdf_set_glyph_modified,
_bdf_clear_glyph_modified): Use unsigned long constant.
* src/bdf/bdfdrivr.c (BDF_Size_Select, BDF_Glyph_Load): Don't
left-shift values that can be negative.
* src/pcf/pcfdrivr.c (PCF_Size_Select, PCF_Glyph_Load): Don't
left-shift values that can be negative.
* src/raster/ftraster.c (SCALED): Correctly handle left-shift of
negative values.
* src/sfnt/ttsbit.c (tt_face_load_strike_metrics): Don't left-shift
values that can be negative.
* src/truetype/ttgload.c (TT_Load_Composite_Glyph,
compute_glyph_metrics, load_sbit_image): Don't left-shift values
that can be negative.
Instead of keeping `library->renderers' in a MRU order, just leave
it as-is. The MRU machinery wasn't thread-safe.
With this patch, rasterizing glyphs from different faces from
different threads doesn't fail choosing rasterizer
(FT_Err_Cannot_Render_Glyph).
Easiest to see that crash was to add a `printf' (or otherwise let
thread yield in FT_Throw with debugging enabled).
* src/base/ftobjs.c (FT_Render_Glyph_Internal), src/base/ftoutln.c
(FT_Outline_Render): Don't call `FT_Set_Renderer'.
`API functions' are functions tagged with `FT_EXPORT_DEF'.
Besides trivial fixes, the following changes are included, too.
* src/base/ftbdf.c (FT_Get_BDF_Charset_ID, FT_Get_BDF_Property): Set
error code if no service is available.
* src/base/ftinit.c (FT_Done_FreeType): Change return value for
invalid `library' parameter to `Invalid_Library_Handle'.
* src/base/ftobjs.c (FT_New_Size): Change return value for invalid
`asize' parameter to `Invalid_Argument'.
* src/base/ftoutln.c (FT_Outline_Copy): Change return value for
invalid `source' and `target' parameters to `Invalid_Outline'.
(FT_Outline_Done_Internal): Change return value for invalid
`outline' parameter to `Invalid_Outline'.
The functions in this patch *do* return non-trivial errors that must
be taken care of.
* src/autofit/afloader.c (af_loader_load_g), src/base/ftobjs.c
(FT_Render_Glyph_Internal), src/base/ftoutln.c (FT_Outline_Render),
src/cff/cffgload.c (cff_decoder_parse_charstrings) <cff_op_endchar>,
src/psaux/psobjs.c (ps_parser_load_field_table), src/psaux/t1decode
(t1_decoder_parse_charstrings) <op_endchar>, src/truetype/ttgload.c
(load_truetype_glyph <subglyph loop>, tt_loader_init,
TT_Load_Glyph), src/truetype/ttgxvar.c (TT_Set_MM_Blend),
src/truetype/ttobjs.c (tt_size_run_fpgm, tt_size_run_prep): Do it.
The call was (from the top-level of the FreeType tree):
cppcheck --force \
--enable=all \
-I /usr/include \
-I /usr/local/include \
-I /usr/lib/gcc/i586-suse-linux/4.7/include \
-I include \
-I include/freetype \
-I include/freetype/config \
-I include/freetype/internal \
-DFT2_BUILD_LIBRARY \
. &> cppcheck.log
using cppcheck git commit f7e93f99.
Note that cppcheck still can't handle `#include FOO' (with `FOO' a
macro).
*/* Improve variable scopes.
*/* Remove redundant initializations which get overwritten.
* src/gxvalid/*: Comment out redundant code or guard it with
FT_DEBUG_LEVEL_TRACE.
This is essentially a mechanical conversion, adding inclusion of
`FT_INTERNAL_DEBUG_H' where necessary, and providing the macros for
stand-alone compiling modes of the rasterizer modules.
To convert the remaining occurrences of FT_Err_XXX and friends it is
necessary to rewrite the code. Note, however, that it doesn't harm
if some cases are not handled since FT_THROW is a no-op.
Problem reported by Robin Watts <robin.watts@artifex.com>.
* src/base/ftoutln.c (FT_Outline_New_Internal): Ensure that
`numContours' and `numPoints' fit into FT_Outline's `n_points' and
`n_contours', respectively.
* src/base/ftoutln.c (FT_Outline_EmboldenXY): Replace sequential
calls to FT_MulFix and FT_DivFix with FT_MulDiv.
Mention that bisectors are used to figure out the shift direction.
* include/freetype/ftoutln.h (FT_Outline_EmboldenXY): Define it.
* src/base/ftoutln.c (FT_Outline_EmboldenXY): Implement it, using a
simplified embolding algorithm.
(FT_Outline_Embolden): Make it a special case of
`FT_Outline_EmboldenXY'
==========================
Tag sources with `VER-2-3-12'.
* docs/CHANGES: Updated.
* docs/VERSION.DLL: Update documentation and bump version number to
2.3.12.
* README, Jamfile (RefDoc),
builds/win32/vc2005/freetype.vcproj, builds/win32/vc2005/index.html,
builds/win32/vc2008/freetype.vcproj, builds/win32/vc2008/index.html,
builds/win32/visualc/freetype.dsp,
builds/win32/visualc/freetype.vcproj,
builds/win32/visualc/index.html, builds/win32/visualce/freetype.dsp,
builds/win32/visualce/freetype.vcproj,
builds/win32/visualce/index.html,
builds/wince/vc2005-ce/freetype.vcproj,
builds/wince/vc2005-ce/index.html,
builds/wince/vc2008-ce/freetype.vcproj,
builds/wince/vc2008-ce/index.html: s/2.3.11/2.3.12/, s/2311/2312/.
* include/freetype/freetype.h (FREETYPE_PATCH): Set to 12.
* builds/unix/configure.raw (version_info): Set to 10:0:4.
(FT_Outline_Decompose): Decorate with tracing messages.
* src/smooth/ftgrays.c [DEBUG_GRAYS]: Replace with
FT_DEBUG_LEVEL_TRACE.
[_STANDALONE_ && FT_DEBUG_LEVEL_TRACE]: Include stdio.h and
stdarg.h.
(FT_TRACE) [_STANDALONE_]: Remove.
(FT_Message) [_STANDALONE_ && FT_DEBUG_LEVEL_TRACE]: New function.
(FT_TRACE5, FT_TRACE7) [_STANDALONE_]: New macros.
(FT_ERROR) [_STANDALONE_]: Updated.
(gray_hline) [FT_DEBUG_LEVEL_TRACE]: Fix condition.
Use FT_TRACE7.
(gray_dump_cells): Make it `static void'.
(graay_convert_glyph): Use FT_TRACE7.
(FT_Outline_Decompose) [_STANDALONE_]: Synchronize with version in
ftoutln.c.
* src/base/ftadvanc.c (FT_Get_Advance, FT_Get_Advances): Use
FT_ERROR_BASE.
Other minor modifications.
* include/freetype/internal/ftcalc.h, src/base/ftcalc.c
(FT_Matrix_Multiply_Scaled, FT_Vector_Transform_Scaled): New
functions.
* src/cff/cffobjs.h (CFF_Internal): New struct. It is used to
provide global hinting data for both the top-font and all subfonts
(with proper scaling).
* src/cff/cffobjs.c (cff_make_private_dict): New function, using
code from `cff_size_init'.
(cff_size_init, cff_size_done, cff_size_select, cff_size_request):
Use CFF_Internal and handle subfonts.
(cff_face_init): Handle top-dict and subfont matrices correctly;
apply some heuristic in case of unlikely matrix concatenation
results. This has been discussed with people from Adobe (thanks
goes mainly to David Lemon) who confirm that the CFF specs are fuzzy
and not correct.
* src/cff/cffgload.h (cff_decoder_prepare): Add `size' argument.
* src/cff/cffgload.c (cff_builder_init): Updated.
(cff_decoder_prepare): Handle hints globals for subfonts.
Update all callers.
(cff_slot_load): Handling scaling of subfonts properly.
* src/cff/cffparse.c (cff_parse_fixed_dynamic): New function.
(cff_parse_font_matrix): Use it.
* src/cff/cfftypes.h (CFF_FontDictRec): Make `units_per_em'
FT_ULong.
* docs/CHANGES: Document it.
