The goal is to avoid integer overflows in the rendering algorithms.
The limit is chosen arbitrarily at some 2^18 pixels, which should be
enough for modern devices including printers.
* src/base/ftoutln.c (FT_Outline_Render): Check CBox and reject
enormous outlines.
* src/base/ftrfork.c (FT_Raccess_Get_HeaderInfo): Only accept
positive values from header.
Check overflow.
* src/base/ftoutln.c (SCALED): Correctly handle left-shift of
negative values.
* src/bdf/bdf.h (_bdf_glyph_modified, _bdf_set_glyph_modified,
_bdf_clear_glyph_modified): Use unsigned long constant.
* src/bdf/bdfdrivr.c (BDF_Size_Select, BDF_Glyph_Load): Don't
left-shift values that can be negative.
* src/pcf/pcfdrivr.c (PCF_Size_Select, PCF_Glyph_Load): Don't
left-shift values that can be negative.
* src/raster/ftraster.c (SCALED): Correctly handle left-shift of
negative values.
* src/sfnt/ttsbit.c (tt_face_load_strike_metrics): Don't left-shift
values that can be negative.
* src/truetype/ttgload.c (TT_Load_Composite_Glyph,
compute_glyph_metrics, load_sbit_image): Don't left-shift values
that can be negative.
Instead of keeping `library->renderers' in a MRU order, just leave
it as-is. The MRU machinery wasn't thread-safe.
With this patch, rasterizing glyphs from different faces from
different threads doesn't fail choosing rasterizer
(FT_Err_Cannot_Render_Glyph).
Easiest to see that crash was to add a `printf' (or otherwise let
thread yield in FT_Throw with debugging enabled).
* src/base/ftobjs.c (FT_Render_Glyph_Internal), src/base/ftoutln.c
(FT_Outline_Render): Don't call `FT_Set_Renderer'.
`API functions' are functions tagged with `FT_EXPORT_DEF'.
Besides trivial fixes, the following changes are included, too.
* src/base/ftbdf.c (FT_Get_BDF_Charset_ID, FT_Get_BDF_Property): Set
error code if no service is available.
* src/base/ftinit.c (FT_Done_FreeType): Change return value for
invalid `library' parameter to `Invalid_Library_Handle'.
* src/base/ftobjs.c (FT_New_Size): Change return value for invalid
`asize' parameter to `Invalid_Argument'.
* src/base/ftoutln.c (FT_Outline_Copy): Change return value for
invalid `source' and `target' parameters to `Invalid_Outline'.
(FT_Outline_Done_Internal): Change return value for invalid
`outline' parameter to `Invalid_Outline'.
The functions in this patch *do* return non-trivial errors that must
be taken care of.
* src/autofit/afloader.c (af_loader_load_g), src/base/ftobjs.c
(FT_Render_Glyph_Internal), src/base/ftoutln.c (FT_Outline_Render),
src/cff/cffgload.c (cff_decoder_parse_charstrings) <cff_op_endchar>,
src/psaux/psobjs.c (ps_parser_load_field_table), src/psaux/t1decode
(t1_decoder_parse_charstrings) <op_endchar>, src/truetype/ttgload.c
(load_truetype_glyph <subglyph loop>, tt_loader_init,
TT_Load_Glyph), src/truetype/ttgxvar.c (TT_Set_MM_Blend),
src/truetype/ttobjs.c (tt_size_run_fpgm, tt_size_run_prep): Do it.
The call was (from the top-level of the FreeType tree):
cppcheck --force \
--enable=all \
-I /usr/include \
-I /usr/local/include \
-I /usr/lib/gcc/i586-suse-linux/4.7/include \
-I include \
-I include/freetype \
-I include/freetype/config \
-I include/freetype/internal \
-DFT2_BUILD_LIBRARY \
. &> cppcheck.log
using cppcheck git commit f7e93f99.
Note that cppcheck still can't handle `#include FOO' (with `FOO' a
macro).
*/* Improve variable scopes.
*/* Remove redundant initializations which get overwritten.
* src/gxvalid/*: Comment out redundant code or guard it with
FT_DEBUG_LEVEL_TRACE.
This is essentially a mechanical conversion, adding inclusion of
`FT_INTERNAL_DEBUG_H' where necessary, and providing the macros for
stand-alone compiling modes of the rasterizer modules.
To convert the remaining occurrences of FT_Err_XXX and friends it is
necessary to rewrite the code. Note, however, that it doesn't harm
if some cases are not handled since FT_THROW is a no-op.
Problem reported by Robin Watts <robin.watts@artifex.com>.
* src/base/ftoutln.c (FT_Outline_New_Internal): Ensure that
`numContours' and `numPoints' fit into FT_Outline's `n_points' and
`n_contours', respectively.
* src/base/ftoutln.c (FT_Outline_EmboldenXY): Replace sequential
calls to FT_MulFix and FT_DivFix with FT_MulDiv.
Mention that bisectors are used to figure out the shift direction.
* include/freetype/ftoutln.h (FT_Outline_EmboldenXY): Define it.
* src/base/ftoutln.c (FT_Outline_EmboldenXY): Implement it, using a
simplified embolding algorithm.
(FT_Outline_Embolden): Make it a special case of
`FT_Outline_EmboldenXY'
==========================
Tag sources with `VER-2-3-12'.
* docs/CHANGES: Updated.
* docs/VERSION.DLL: Update documentation and bump version number to
2.3.12.
* README, Jamfile (RefDoc),
builds/win32/vc2005/freetype.vcproj, builds/win32/vc2005/index.html,
builds/win32/vc2008/freetype.vcproj, builds/win32/vc2008/index.html,
builds/win32/visualc/freetype.dsp,
builds/win32/visualc/freetype.vcproj,
builds/win32/visualc/index.html, builds/win32/visualce/freetype.dsp,
builds/win32/visualce/freetype.vcproj,
builds/win32/visualce/index.html,
builds/wince/vc2005-ce/freetype.vcproj,
builds/wince/vc2005-ce/index.html,
builds/wince/vc2008-ce/freetype.vcproj,
builds/wince/vc2008-ce/index.html: s/2.3.11/2.3.12/, s/2311/2312/.
* include/freetype/freetype.h (FREETYPE_PATCH): Set to 12.
* builds/unix/configure.raw (version_info): Set to 10:0:4.
(FT_Outline_Decompose): Decorate with tracing messages.
* src/smooth/ftgrays.c [DEBUG_GRAYS]: Replace with
FT_DEBUG_LEVEL_TRACE.
[_STANDALONE_ && FT_DEBUG_LEVEL_TRACE]: Include stdio.h and
stdarg.h.
(FT_TRACE) [_STANDALONE_]: Remove.
(FT_Message) [_STANDALONE_ && FT_DEBUG_LEVEL_TRACE]: New function.
(FT_TRACE5, FT_TRACE7) [_STANDALONE_]: New macros.
(FT_ERROR) [_STANDALONE_]: Updated.
(gray_hline) [FT_DEBUG_LEVEL_TRACE]: Fix condition.
Use FT_TRACE7.
(gray_dump_cells): Make it `static void'.
(graay_convert_glyph): Use FT_TRACE7.
(FT_Outline_Decompose) [_STANDALONE_]: Synchronize with version in
ftoutln.c.
* src/base/ftadvanc.c (FT_Get_Advance, FT_Get_Advances): Use
FT_ERROR_BASE.
Other minor modifications.
