* src/psaux/psobjs.c (ps_parser_skip_PS_token): If a token is
enclosed in balanced expressions, ensure that the cursor position
doesn't get larger than the current limit.
This is just very basic stuff and just a little bit tested on
GNU/Linux only. I won't delve into this since I'm not a Jam user.
* Jamfile: Call `HDRMACRO' for `ftserv.h' also.
(DEFINES): Replace with...
(CCFLAGS): ... this.
* src/Jamfile: Don't call `HDRMACRO' for `internal.h'; this is
already handled in the top-level Jamfile.
* src/autofit/Jamfile (DEFINES): Replace with...
(CCFLAGS): ... this.
(_sources): Add missing files.
* src/cache/Jamfile: Don't call `HDRMACRO' for `ftcache.h'; it no
longer contains macro header definitions.
* src/base/Jamfile, src/cff/Jamfile, src/sfnt/Jamfile,
src/truetype/Jamfile (_sources): Add missing files.
* include/internal/t1types.h (AFM_KernPairRec): Make indices
unsigned.
Update users.
(AFM_FontInfoRec): Make element counters unsigned.
Update users.
* src/psaux/afmparse.h (AFM_ValueRec): Add union member for unsigned
int.
* src/psaux/afmparse.c (afm_parse_track_kern, afm_parse_kern_pairs):
Reject negative values for number of kerning elements.
* src/type1/t1afm.c, src/tools/test_afm.c: Updated.
Assure that FreeType's internal include directories are found before
`CPPFLAGS' (which might be set by the user in the environment), and
`CPPFLAGS' before `CFLAGS'.
* builds/freetype.mk (FT_CFLAGS): Don't add `INCLUDE_FLAGS'.
(FT_COMPILE): Make this a special variable for compiling only the
files handled in `freetype.mk'.
(.c.$O): Removed, unused.
* src/*/rules.mk (*_COMPILE): Fix order of include directories.
The functions in this patch *do* return non-trivial errors that must
be taken care of.
* src/autofit/afloader.c (af_loader_load_g), src/base/ftobjs.c
(FT_Render_Glyph_Internal), src/base/ftoutln.c (FT_Outline_Render),
src/cff/cffgload.c (cff_decoder_parse_charstrings) <cff_op_endchar>,
src/psaux/psobjs.c (ps_parser_load_field_table), src/psaux/t1decode
(t1_decoder_parse_charstrings) <op_endchar>, src/truetype/ttgload.c
(load_truetype_glyph <subglyph loop>, tt_loader_init,
TT_Load_Glyph), src/truetype/ttgxvar.c (TT_Set_MM_Blend),
src/truetype/ttobjs.c (tt_size_run_fpgm, tt_size_run_prep): Do it.
Don't cast cmap init function pointers to an incompatible type.
Without this patch, the number of parameters between declaration and
the real signature differs. Calling such a function results in
undefined behavior.
ISO/IEC 9899:TC3 (Committee Draft September 7, 2007)
6.5.2.2 Function calls
9 If the function is defined with a type that is not
compatible with the type (of the expression) pointed to by
the expression that denotes the called function, the
behavior is undefined.
On certain platforms (c -> js with emscripten) this causes
termination of execution or invalid calls because in the emscripten
implementation, function pointers of different types are stored in
different pointer arrays. Incorrect pointer type here results in
indexing of an incorrect array.
* src/cff/cffcmap.c (cff_cmap_encoding_init, cff_cmap_unicode_init),
src/pfr/pfrcmap.c (pfr_cmap_init), src/psaux/t1cmap.c
t1_cmap_standard_init, t1_cmap_expert_init, t1_cmap_custom_init,
t1_cmap_unicode_init), src/winfonts/winfnt.c (fnt_cmap_init): Fix
signature.
* src/type1/t1load.c (t1_parse_font_matrix): Properly handle result
of `T1_ToFixedArray'.
* src/cid/cidload.c (cid_parse_font_matrix): Synchronize with
`t1_parse_font_matrix'.
* src/type42/t42parse.c (t42_parse_font_matrix): Synchronize with
`t1_parse_font_matrix'.
(t42_parse_encoding): Synchronize with `t1_parse_encoding'.
* src/psaux/psobjs.c (ps_parser_load_field) <T1_FIELD_TYPE_BBOX>,
<T1_FIELD_TYPE_MMOX>: Properly handle result of `ps_tofixedarray'.
http://cppcheck.sourceforge.net/
Note that the current version heavily chokes on FreeType, delivering
even wrong results. I will report those issues to the cppcheck team
so that a newer version gives improved results hopefully.
*/* Improve variable scopes.
*/* Remove redundant initializations which get overwritten.
* src/base/ftmac.c ,builds/mac/ftmac.c (count_faces_scalable):
Remove unused variable.
* src/base/ftdbgmem.c (ft_mem_table_destroy): `table' can't be zero.
* src/gxvalid/gxvkern.c (gxv_kern_subtable_fmt1_entry_validate):
Remove functionless code.
* src/tools/ftrandom.c (main): Fix memory leak.
* src/base/ftcalc.c (FT_DivFix): Use unsigned values for
computations which use the left shift operator and convert to signed
as the last step.
* src/base/fttrigon.c (ft_trig_prenorm, FT_Vector_Rotate,
FT_Vector_Length, FT_Vector_Polarize): Ditto.
* src/cff/cffgload.c (cff_decoder_parse_charstrings): Simplify.
* src/cff/cffload.c (cff_subfont_load): Fix constant.
* src/cff/cffparse.c (cff_parse_integer, cff_parse_real, do_fixed,
cff_parse_fixed_dynamic): Use unsigned values for computations which
use the left shift operator and convert to signed as the last step.
* src/cid/cidload.c (cid_get_offset): Ditto.
* src/psaux/psconv.c (PS_Conv_ToFixed): Ditto.
* src/psaux/t1decode.c (t1_decoder_parse_charstrings): Ditto.
* src/truetype/ttinterp.c (TT_MulFix14, TT_DotFix14): Ditto.
This is essentially a mechanical conversion, adding inclusion of
`FT_INTERNAL_DEBUG_H' where necessary, and providing the macros for
stand-alone compiling modes of the rasterizer modules.
To convert the remaining occurrences of FT_Err_XXX and friends it is
necessary to rewrite the code. Note, however, that it doesn't harm
if some cases are not handled since FT_THROW is a no-op.
* src/psaux/psconv.c (PS_Conv_Strtol): Always parse complete number,
even in case of overflow.
(PS_Conv_ToInt): Only increase cursor if parsing was successful.
(PS_Conv_ToFixed): Ditto.
Trace underflow and data error.
* src/psaux/psconv.c: Include FT_INTERNAL_DEBUG_H.
(FT_COMPONENT): Define.
(PS_Conv_Strtol): Return FT_Long.
Handle bad data and overflow.
Emit some tracing messages in case of error.
(PS_Conv_ToInt): Return FT_Long.
(PS_Conv_ToFixed): Updated.
* src/psaux/psconv.h: Updated.
* include/freetype/internal/fttrace.h: Add `psconv'.
* src/psaux/afmparse.c (afm_parse_track_kern): Don't inverse sign
for `min_kern'. It is indeed quite common that track kerning
*increases* spacing for very small sizes.
If in function `skip_spaces' the routine `skip_comment' comes to the
end of buffer, `cur' is still increased by one, so we need to check
for `p >= limit' and not `p == limit'.
* src/psaux/psconv.c (PS_Conv_Strtol, PS_Conv_ToFixed,
PS_Conv_ASCIIHexDecode, PS_Conv_EexecDecode): Fix boundary checking.
* src/type1/t1load.c (parse_subrs): Add proper guards for `strncmp'.
* src/psaux/psobjs.c (ps_parser_skip_PS_token): Emit error message
only if cur < limit.
* include/freetype/config/ftstdlib.h (FT_USHORT_MAX): New macro.
* src/base/ftbitmap.c (FT_Bitmap_Convert): Protect against invalid
value of `target->rows'.
* src/psaux/t1decode.c (t1_decoder_parse_charstrings): Add check for
flex start.
* src/raster/ftrend1.c (ft_raster1_render): Check `width' and
`height'.
* src/truetype/ttgxvar.c (TT_Vary_Get_Glyph_Deltas): Protect against
invalid values in `localpoints' array.
Found with font fuzzying.
* src/psaux/t1decode.c (t1_decoder_parse_charstrings): Check
`decoder->buildchar'.
* src/type1/t1load.c (t1_load_keyword): Check `blend->num_designs'.
When shifting right a signed value, it is not defined by the
C standard whether one gets a sign extension or not. Use a macro to
do an explicit cast from a signed short (assuming that this is
16bit) to an int.
* src/psaux/t1decode.c (Fix2Int): New macro.
Use it where appropriate.
start_point, check_points, add_point, add_point1, close_contour
macros.
Remove add_contour macro.
Return error code from t1_builder_start_point and
t1_builder_check_points when there was one (instead of returning 0).
Previously we discovered fonts which used `setcurrentpoint' to set
the initial point of a contour to 0,0. This caused FreeType to
raise an error, because the `setcurrentpoint' operator is only
supposed to be used with the results from an OtherSubr subroutine.
This was fixed by simply ignoring the error and carrying on.
Now we have found a font which uses setcurrentpoint to actually
establish a non-zero point for a contour during the course of a
glyph program. FWIW, these files may be produced by an application
called `Intaglio' on the Mac, when converting TrueType fonts to
Type 1.
The fix allows the new invalid behaviour, the old invalid behaviour
and real proper usage of the operator to work the same way as Adobe
interpreters apparently do.
(t1_decoder_parse_charstrings): Make `setcurrentpoint' use the top
two elements of the stack to establish unconditionally the current x
and y coordinates.
Make the `flex' subroutine handling (OtherSubr 0) put the current
x,y coordinates onto the stack, instead of two dummy uninitialised
values.
Werner Lemberg
Alexei Podtelezhnikov
Jarkko Pöyry
Vinnie Falco
suzuki toshiya
Dirk Müller
Matthias Drochner
John Tytgat
Ken Sharp