While the current code in `FT_Get_Next_Char' correctly rejects
out-of-bounds glyph indices, it can be extremely slow for malformed
cmaps that use 32bit values. This commit tries to improve that.
* src/sfnt/ttcmap.c (tt_cmap8_char_next, tt_cmap12_next,
tt_cmap12_char_map_binary, tt_cmap13_next,
tt_cmap13_char_map_binary): Reject glyph indices larger than or
equal to the number of glyphs.
* src/base/ftobjs.c (FT_Get_Char_Index): Don't return out-of-bounds
glyph indices.
(FT_Get_First_Char): Updated.
* src/sfnt/ttcmap.c (tt_cmap6_char_next): Don't return character
codes greater than 0xFFFF.
(tt_cmap8_char_index): Avoid integer overflow in computation of
glyph index.
(tt_cmap8_char_next): Avoid integer overflows in computation of
both next character code and glyph index.
(tt_cmap10_char_index): Fix unsigned integer logic.
(tt_cmap10_char_next): Avoid integer overflow in computation of
next character code.
(tt_cmap12_next): Avoid integer overflows in computation of both
next character code and glyph index.
(tt_cmap12_char_map_binary): Ditto.
(tt_cmap12_char_next): Simplify.
(tt_cmap13_char_map_binary): Avoid integer overflow in computation
of next character code.
(tt_cmap13_char_next): Simplify.
* src/base/ftbase.h (FT_MAC_RFORK_MAX_LEN): Maximum length
of the resource fork for Mac OS. The resource fork larger
than 16 MB can be written but could not be handled
correctly, at least in Carbon routine.
See https://support.microsoft.com/en-us/kb/130437
* src/base/ftobjs.c (Mac_Read_POST_Resource): No need `0x'
for `%p' formatter.
* src/base/ftbase.c (Mac_Read_POST_Resource): Check the
fragment and total size of the concatenated POST resource
before buffer allocation.
(Mac_Read_sfnt_Resource): Check the declared size of
sfnt resource before buffer allocation.
* src/base/ftmac.c (read_lwfn, FT_New_Face_From_SFNT):
Check the total resource size before buffer allocation.
This patch fixes weaknesses in function `tt_face_load_font_dir'.
- It incorrectly assumed that valid tables are always at the
beginning. As a consequence, some valid tables after invalid
entries (which are ignored) were never seen.
- Duplicate table entries (this is, having the same tag) were not
rejected.
- The number of valid tables was sometimes too large, leading to
access of invalid tables.
* src/sfnt/ttload.c (check_table_dir): Add argument to return number
of valid tables.
Add another tracing message.
(tt_face_load_font_dir): Only allocate table array for valid
entries as returned by `check_table_dir'.
Reject duplicate tables and adjust number of valid tables
accordingly.
* src/pcf/pcfread.c (pcf_load_font): Take absolute values for
AVERAGE_WIDTH, POINT_SIZE, PIXEL_SIZE, RESOLUTION_X, and
RESOLUTION_Y. In tracing mode, add warnings.
* src/gzip/ftgzip.c (ft_gzip_stream_close): Avoid memory leak.
(ft_gzip_get_uncompressed_file): Correct byte order while reading
unsigned long value. Without this change, the whole optimization of
accessing small files in `FT_Stream_OpenGzip' is never executed! As
a consequence, access to PCF files in general (which are normally
small files) should be much improved now as originally intended.
* src/psaux/psobjs.c (ps_parser_skip_PS_token): If a token is
enclosed in balanced expressions, ensure that the cursor position
doesn't get larger than the current limit.
This commit adds two fallback scripts (`latb', `latp') and
implements support for the no-base character ranges introduced in
the previous commit.
* src/autofit/aftypes.h (AF_ScriptClassRec): Add
`script_uni_nobase_ranges' field.
(AF_DEFINE_SCRIPT_CLASS): Updated.
* src/autofit/afscript.h, src/autofit/afstyles.h: Add `latb' and
`latp' fallback scripts.
* src/autofit/afblue.dat: Add blue zones for Latin subscript and
superscript fallback scripts.
* src/autofit/afblue.c, src/autofit/afblue.h: Regenerated.
* src/autofit/afglobal.h (AF_NOBASE): New style flag for no-base
characters.
(AF_STYLE_MASK): Updated.
* src/autofit/afglobal.c (SCRIPT): Updated.
(af_face_globals_compute_style_coverage): Handle new style flag.
* src/autofit/aflatin.c (af_latin_hints_apply): Handle new style
flag.
* src/autofit/afranges.h (SCRIPT): Use it to export no-base ranges.
This patch introduces auxiliary code ranges that identify no-base
characters; they refer to glyphs of a script that should be hinted
without alignments to blue zones (mostly diacritics).
It also splits off ranges for fallback scripts that handle subscript
and superscript characters not covered by OpenType features. For
example, this greatly helps improve the hinting of various phonetic
alphabets, which contain a large amount characters that look like
superscript glyphs.
Finally, code ranges are updated to Unicode 8.0, and enclosed
characters are removed in general since they normally look better if
they stay unhinted.
* src/autofit/afranges.c (af_latn_uniranges): Updated to Unicode
8.0.
Split off superscript-like and subscript-like glyphs into...
(af_latb_uniranges, af_latp_uniranges): ... these two new arrays.
(af_xxxx_nobase_uniranges): New arrays that hold no-base characters
of the corresponding character ranges.
* src/autofit/afglobal.h (AF_STYLE_MASK): New macro.
(AF_STYLE_UNASSIGNED): Use AF_STYLE_MASK for definition.
* src/autofit/afglobal.c (af_face_globals_compute_style_coverage):
Updated.
* include/freetype/ftautoh.h (FT_Prop_GlyphToScriptMap): Use
`FT_UShort' for `map' field.
* src/autofit/afglobal.c (af_face_globals_compute_style_coverage,
af_face_globals_new), src/autofit/hbshim.c, src/autofit/hbshim.h
(af_get_coverage): Use FT_UShort for `glyph_styles' array.
* src/autofit/afglobal.h (AF_STYLE_UNASSIGNED, AF_DIGIT): Extend to
16 bits.
(AF_FaceGlobalsRec): Use `FT_UShort' for `glyph_styles' field.
For functions querying a face, bits 16-30 of the face index can hold
the named instance index if we have a GX font. The indices start
with value 1; value 0 indicates font access without GX variation
data.
* include/freetype/freetype.h (FT_FaceRec): Update documentation.
* include/freetype/internal/sfnt.h: Ditto.
* src/sfnt/sfobjs.c (sfnt_init_face)
[TT_CONFIG_OPTION_GX_VAR_SUPPORT]: Get number of named instances and
do argument checks.
(sfnt_load_face): Updated.
* src/truetype/ttobjs.c (tt_face_init)
[TT_CONFIG_OPTION_GX_VAR_SUPPORT]: Use named instance, overwriting
the style name.
* src/base/ftobjs.c (open_face_from_buffer,
open_face_PS_from_sfnt_stream): Updated.
* src/bdf/bdfdrivr.c (BDF_Face_Init): Updated.
* src/cff/cffload.c (cff_font_load): Updated.
* src/cff/cffobjs.c (cff_face_init): Make function exit early for
pure CFF fonts if `font_index < 0'.
Updated.
* src/cid/cidobjs.c (cid_face_init): Updated.
* src/pcf/pcfdrivr.c (PCF_Face_Init): Updated.
* src/pfr/pfrobjs.c (pfr_face_init): Updated.
* src/type1/t1objs.c (T1_Face_Init): Updated.
* src/type42/t42objs.c (T42_Face_Init): Updated.
* src/winfonts/winfnt.c (fnt_face_get_dll_font, FNT_Face_Init):
Updated.
* docs/CHANGES: Updated.
* src/type1/t1gload.c (T1_Load_Glyph): Directly modify advances only
if font matrix is not trivial.
* src/cff/cffgload.c (cff_slot_load): Ditto.
* sff/cid/cidgload.c (cid_slot_load_glyph): Ditto for advances and the
entire outline.