aboutsummaryrefslogtreecommitdiff
path: root/freetype/src
diff options
context:
space:
mode:
authormarha <marha@users.sourceforge.net>2010-08-20 08:28:36 +0000
committermarha <marha@users.sourceforge.net>2010-08-20 08:28:36 +0000
commitf5d6fd32902e742cc62622b1abc8826dd7c03c32 (patch)
tree96c33069543f425f5f70045e24b549a5783c73d1 /freetype/src
parent3799f1085abb02c5721f4c33f42c063edb68029d (diff)
parent00666832a756014eef48c4f5bd8484cc1299bdf0 (diff)
downloadvcxsrv-f5d6fd32902e742cc62622b1abc8826dd7c03c32.tar.gz
vcxsrv-f5d6fd32902e742cc62622b1abc8826dd7c03c32.tar.bz2
vcxsrv-f5d6fd32902e742cc62622b1abc8826dd7c03c32.zip
svn merge ^/branches/released .
Diffstat (limited to 'freetype/src')
-rw-r--r--freetype/src/base/ftobjs.c126
-rw-r--r--freetype/src/base/ftstream.c2
-rw-r--r--freetype/src/cff/cffgload.c90
-rw-r--r--freetype/src/raster/ftraster.c11
-rw-r--r--freetype/src/truetype/ttinterp.c103
-rw-r--r--freetype/src/truetype/ttinterp.h2
-rw-r--r--freetype/src/type42/t42parse.c13
7 files changed, 224 insertions, 123 deletions
diff --git a/freetype/src/base/ftobjs.c b/freetype/src/base/ftobjs.c
index 17d2d3680..a065aee09 100644
--- a/freetype/src/base/ftobjs.c
+++ b/freetype/src/base/ftobjs.c
@@ -142,7 +142,7 @@
if ( !args )
return FT_Err_Invalid_Argument;
- memory = library->memory;
+ memory = library->memory;
if ( FT_NEW( stream ) )
goto Exit;
@@ -1574,6 +1574,7 @@
FT_TRACE3(( "POST fragment[%d]: offsets=0x%08x, rlen=0x%08x, flags=0x%04x\n",
i, offsets[i], rlen, flags ));
+ /* postpone the check of rlen longer than buffer until FT_Stream_Read() */
if ( ( flags >> 8 ) == 0 ) /* Comment, should not be loaded */
continue;
@@ -1613,6 +1614,10 @@
pfb_data[pfb_pos++] = 0;
}
+ error = FT_Err_Cannot_Open_Resource;
+ if ( pfb_pos > pfb_len || pfb_pos + rlen > pfb_len )
+ goto Exit2;
+
error = FT_Stream_Read( stream, (FT_Byte *)pfb_data + pfb_pos, rlen );
if ( error )
goto Exit2;
@@ -1960,9 +1965,9 @@
FT_Error error;
FT_Driver driver;
FT_Memory memory;
- FT_Stream stream = 0;
- FT_Face face = 0;
- FT_ListNode node = 0;
+ FT_Stream stream = NULL;
+ FT_Face face = NULL;
+ FT_ListNode node = NULL;
FT_Bool external_stream;
FT_Module* cur;
FT_Module* limit;
@@ -2186,6 +2191,8 @@
internal->transform_delta.x = 0;
internal->transform_delta.y = 0;
+
+ internal->refcount = 1;
}
if ( aface )
@@ -2274,6 +2281,17 @@
/* documentation is in freetype.h */
FT_EXPORT_DEF( FT_Error )
+ FT_Reference_Face( FT_Face face )
+ {
+ face->internal->refcount++;
+
+ return FT_Err_Ok;
+ }
+
+
+ /* documentation is in freetype.h */
+
+ FT_EXPORT_DEF( FT_Error )
FT_Done_Face( FT_Face face )
{
FT_Error error;
@@ -2285,22 +2303,29 @@
error = FT_Err_Invalid_Face_Handle;
if ( face && face->driver )
{
- driver = face->driver;
- memory = driver->root.memory;
-
- /* find face in driver's list */
- node = FT_List_Find( &driver->faces_list, face );
- if ( node )
+ face->internal->refcount--;
+ if ( face->internal->refcount > 0 )
+ error = FT_Err_Ok;
+ else
{
- /* remove face object from the driver's list */
- FT_List_Remove( &driver->faces_list, node );
- FT_FREE( node );
+ driver = face->driver;
+ memory = driver->root.memory;
- /* now destroy the object proper */
- destroy_face( memory, face, driver );
- error = FT_Err_Ok;
+ /* find face in driver's list */
+ node = FT_List_Find( &driver->faces_list, face );
+ if ( node )
+ {
+ /* remove face object from the driver's list */
+ FT_List_Remove( &driver->faces_list, node );
+ FT_FREE( node );
+
+ /* now destroy the object proper */
+ destroy_face( memory, face, driver );
+ error = FT_Err_Ok;
+ }
}
}
+
return error;
}
@@ -4265,10 +4290,21 @@
/* documentation is in ftmodapi.h */
FT_EXPORT_DEF( FT_Error )
+ FT_Reference_Library( FT_Library library )
+ {
+ library->refcount++;
+
+ return FT_Err_Ok;
+ }
+
+
+ /* documentation is in ftmodapi.h */
+
+ FT_EXPORT_DEF( FT_Error )
FT_New_Library( FT_Memory memory,
FT_Library *alibrary )
{
- FT_Library library = 0;
+ FT_Library library = NULL;
FT_Error error;
@@ -4304,6 +4340,8 @@
library->version_minor = FREETYPE_MINOR;
library->version_patch = FREETYPE_PATCH;
+ library->refcount = 1;
+
/* That's ok now */
*alibrary = library;
@@ -4360,40 +4398,64 @@
if ( !library )
return FT_Err_Invalid_Library_Handle;
+ library->refcount--;
+ if ( library->refcount > 0 )
+ goto Exit;
+
memory = library->memory;
/* Discard client-data */
if ( library->generic.finalizer )
library->generic.finalizer( library );
- /* Close all faces in the library. If we don't do
- * this, we can have some subtle memory leaks.
+ /*
+ * Close all faces in the library. If we don't do this, we can have
+ * some subtle memory leaks.
+ *
* Example:
*
* - the cff font driver uses the pshinter module in cff_size_done
* - if the pshinter module is destroyed before the cff font driver,
* opened FT_Face objects managed by the driver are not properly
* destroyed, resulting in a memory leak
+ *
+ * Some faces are dependent on other faces, like Type42 faces that
+ * depend on TrueType faces synthesized internally.
+ *
+ * The order of drivers should be specified in driver_name[].
*/
{
- FT_UInt n;
+ FT_UInt m, n;
+ const char* driver_name[] = { "type42", NULL };
- for ( n = 0; n < library->num_modules; n++ )
+ for ( m = 0;
+ m < sizeof ( driver_name ) / sizeof ( driver_name[0] );
+ m++ )
{
- FT_Module module = library->modules[n];
- FT_List faces;
+ for ( n = 0; n < library->num_modules; n++ )
+ {
+ FT_Module module = library->modules[n];
+ const char* module_name = module->clazz->module_name;
+ FT_List faces;
- if ( ( module->clazz->module_flags & FT_MODULE_FONT_DRIVER ) == 0 )
- continue;
+ if ( driver_name[m] &&
+ ft_strcmp( module_name, driver_name[m] ) != 0 )
+ continue;
- faces = &FT_DRIVER(module)->faces_list;
- while ( faces->head )
- {
- FT_Done_Face( FT_FACE( faces->head->data ) );
- if ( faces->head )
- FT_TRACE0(( "FT_Done_Library: failed to free some faces\n" ));
+ if ( ( module->clazz->module_flags & FT_MODULE_FONT_DRIVER ) == 0 )
+ continue;
+
+ FT_TRACE7(( "FT_Done_Library: close faces for %s\n", module_name ));
+
+ faces = &FT_DRIVER( module )->faces_list;
+ while ( faces->head )
+ {
+ FT_Done_Face( FT_FACE( faces->head->data ) );
+ if ( faces->head )
+ FT_TRACE0(( "FT_Done_Library: failed to free some faces\n" ));
+ }
}
}
}
@@ -4435,6 +4497,8 @@
#endif
FT_FREE( library );
+
+ Exit:
return FT_Err_Ok;
}
diff --git a/freetype/src/base/ftstream.c b/freetype/src/base/ftstream.c
index f8ca312f3..c36cadd79 100644
--- a/freetype/src/base/ftstream.c
+++ b/freetype/src/base/ftstream.c
@@ -287,7 +287,7 @@
{
/* check current and new position */
if ( stream->pos >= stream->size ||
- stream->pos + count > stream->size )
+ stream->size - stream->pos < count )
{
FT_ERROR(( "FT_Stream_EnterFrame:"
" invalid i/o; pos = 0x%lx, count = %lu, size = 0x%lx\n",
diff --git a/freetype/src/cff/cffgload.c b/freetype/src/cff/cffgload.c
index a988d5117..6dce4f3a1 100644
--- a/freetype/src/cff/cffgload.c
+++ b/freetype/src/cff/cffgload.c
@@ -2280,6 +2280,8 @@
/* subsequent `pop' operands should add the arguments, */
/* this is the implementation described for `unknown' other */
/* subroutines in the Type1 spec. */
+ /* */
+ /* XXX Fix return arguments (see discussion below). */
args -= 2 + ( args[-2] >> 16 );
if ( args < stack )
goto Stack_Underflow;
@@ -2292,6 +2294,22 @@
FT_TRACE4(( " pop (invalid op)\n" ));
+ /* XXX Increasing `args' is wrong: After a certain number of */
+ /* `pop's we get a stack overflow. Reason for doing it is */
+ /* code like this (actually found in a CFF font): */
+ /* */
+ /* 17 1 3 callothersubr */
+ /* pop */
+ /* callsubr */
+ /* */
+ /* Since we handle `callothersubr' as a no-op, and */
+ /* `callsubr' needs at least one argument, `pop' can't be a */
+ /* no-op too as it basically should be. */
+ /* */
+ /* The right solution would be to provide real support for */
+ /* `callothersubr' as done in `t1decode.c', however, given */
+ /* the fact that CFF fonts with `pop' are invalid, it is */
+ /* questionable whether it is worth the time. */
args++;
break;
@@ -2455,7 +2473,10 @@
return CFF_Err_Unimplemented_Feature;
}
- decoder->top = args;
+ decoder->top = args;
+
+ if ( decoder->top - stack >= CFF_MAX_OPERANDS )
+ goto Stack_Overflow;
} /* general operator processing */
@@ -2728,48 +2749,53 @@
/* now load the unscaled outline */
error = cff_get_glyph_data( face, glyph_index,
&charstring, &charstring_len );
- if ( !error )
- {
- error = cff_decoder_prepare( &decoder, size, glyph_index );
- if ( !error )
- {
- error = cff_decoder_parse_charstrings( &decoder,
- charstring,
- charstring_len );
+ if ( error )
+ goto Glyph_Build_Finished;
- cff_free_glyph_data( face, &charstring, charstring_len );
+ error = cff_decoder_prepare( &decoder, size, glyph_index );
+ if ( error )
+ goto Glyph_Build_Finished;
+
+ error = cff_decoder_parse_charstrings( &decoder,
+ charstring,
+ charstring_len );
+ cff_free_glyph_data( face, &charstring, charstring_len );
+
+ if ( error )
+ goto Glyph_Build_Finished;
#ifdef FT_CONFIG_OPTION_INCREMENTAL
- /* Control data and length may not be available for incremental */
- /* fonts. */
- if ( face->root.internal->incremental_interface )
- {
- glyph->root.control_data = 0;
- glyph->root.control_len = 0;
- }
- else
+ /* Control data and length may not be available for incremental */
+ /* fonts. */
+ if ( face->root.internal->incremental_interface )
+ {
+ glyph->root.control_data = 0;
+ glyph->root.control_len = 0;
+ }
+ else
#endif /* FT_CONFIG_OPTION_INCREMENTAL */
- /* We set control_data and control_len if charstrings is loaded. */
- /* See how charstring loads at cff_index_access_element() in */
- /* cffload.c. */
- {
- CFF_Index csindex = &cff->charstrings_index;
+ /* We set control_data and control_len if charstrings is loaded. */
+ /* See how charstring loads at cff_index_access_element() in */
+ /* cffload.c. */
+ {
+ CFF_Index csindex = &cff->charstrings_index;
- if ( csindex->offsets )
- {
- glyph->root.control_data = csindex->bytes +
- csindex->offsets[glyph_index] - 1;
- glyph->root.control_len = charstring_len;
- }
- }
+ if ( csindex->offsets )
+ {
+ glyph->root.control_data = csindex->bytes +
+ csindex->offsets[glyph_index] - 1;
+ glyph->root.control_len = charstring_len;
}
}
- /* save new glyph tables */
- cff_builder_done( &decoder.builder );
+ Glyph_Build_Finished:
+ /* save new glyph tables, if no error */
+ if ( !error )
+ cff_builder_done( &decoder.builder );
+ /* XXX: anything to do for broken glyph entry? */
}
#ifdef FT_CONFIG_OPTION_INCREMENTAL
diff --git a/freetype/src/raster/ftraster.c b/freetype/src/raster/ftraster.c
index bf34d1d58..c7245166d 100644
--- a/freetype/src/raster/ftraster.c
+++ b/freetype/src/raster/ftraster.c
@@ -1931,18 +1931,21 @@
y1 = SCALED( point[-2].y );
x2 = SCALED( point[-1].x );
y2 = SCALED( point[-1].y );
- x3 = SCALED( point[ 0].x );
- y3 = SCALED( point[ 0].y );
if ( flipped )
{
SWAP_( x1, y1 );
SWAP_( x2, y2 );
- SWAP_( x3, y3 );
}
if ( point <= limit )
{
+ x3 = SCALED( point[0].x );
+ y3 = SCALED( point[0].y );
+
+ if ( flipped )
+ SWAP_( x3, y3 );
+
if ( Cubic_To( RAS_VARS x1, y1, x2, y2, x3, y3 ) )
goto Fail;
continue;
@@ -2495,7 +2498,7 @@
PByte p;
- p = bits - e1*ras.target.pitch;
+ p = bits - e1 * ras.target.pitch;
if ( ras.target.pitch > 0 )
p += ( ras.target.rows - 1 ) * ras.target.pitch;
diff --git a/freetype/src/truetype/ttinterp.c b/freetype/src/truetype/ttinterp.c
index a54d0eec2..2f5316e3a 100644
--- a/freetype/src/truetype/ttinterp.c
+++ b/freetype/src/truetype/ttinterp.c
@@ -224,9 +224,10 @@
/*************************************************************************/
/* */
- /* A simple bounds-checking macro. */
+ /* Two simple bounds-checking macros. */
/* */
-#define BOUNDS( x, n ) ( (FT_UInt)(x) >= (FT_UInt)(n) )
+#define BOUNDS( x, n ) ( (FT_UInt)(x) >= (FT_UInt)(n) )
+#define BOUNDSL( x, n ) ( (FT_ULong)(x) >= (FT_ULong)(n) )
#undef SUCCESS
#define SUCCESS 0
@@ -3281,39 +3282,39 @@
args[0] = FT_PIX_CEIL( args[0] );
-#define DO_RS \
- { \
- FT_ULong I = (FT_ULong)args[0]; \
- \
- \
- if ( BOUNDS( I, CUR.storeSize ) ) \
- { \
- if ( CUR.pedantic_hinting ) \
- { \
- ARRAY_BOUND_ERROR; \
- } \
- else \
- args[0] = 0; \
- } \
- else \
- args[0] = CUR.storage[I]; \
+#define DO_RS \
+ { \
+ FT_ULong I = (FT_ULong)args[0]; \
+ \
+ \
+ if ( BOUNDSL( I, CUR.storeSize ) ) \
+ { \
+ if ( CUR.pedantic_hinting ) \
+ { \
+ ARRAY_BOUND_ERROR; \
+ } \
+ else \
+ args[0] = 0; \
+ } \
+ else \
+ args[0] = CUR.storage[I]; \
}
-#define DO_WS \
- { \
- FT_ULong I = (FT_ULong)args[0]; \
- \
- \
- if ( BOUNDS( I, CUR.storeSize ) ) \
- { \
- if ( CUR.pedantic_hinting ) \
- { \
- ARRAY_BOUND_ERROR; \
- } \
- } \
- else \
- CUR.storage[I] = args[1]; \
+#define DO_WS \
+ { \
+ FT_ULong I = (FT_ULong)args[0]; \
+ \
+ \
+ if ( BOUNDSL( I, CUR.storeSize ) ) \
+ { \
+ if ( CUR.pedantic_hinting ) \
+ { \
+ ARRAY_BOUND_ERROR; \
+ } \
+ } \
+ else \
+ CUR.storage[I] = args[1]; \
}
@@ -3322,7 +3323,7 @@
FT_ULong I = (FT_ULong)args[0]; \
\
\
- if ( BOUNDS( I, CUR.cvtSize ) ) \
+ if ( BOUNDSL( I, CUR.cvtSize ) ) \
{ \
if ( CUR.pedantic_hinting ) \
{ \
@@ -3341,7 +3342,7 @@
FT_ULong I = (FT_ULong)args[0]; \
\
\
- if ( BOUNDS( I, CUR.cvtSize ) ) \
+ if ( BOUNDSL( I, CUR.cvtSize ) ) \
{ \
if ( CUR.pedantic_hinting ) \
{ \
@@ -3358,7 +3359,7 @@
FT_ULong I = (FT_ULong)args[0]; \
\
\
- if ( BOUNDS( I, CUR.cvtSize ) ) \
+ if ( BOUNDSL( I, CUR.cvtSize ) ) \
{ \
if ( CUR.pedantic_hinting ) \
{ \
@@ -4679,7 +4680,7 @@
/* first of all, check the index */
F = args[0];
- if ( BOUNDS( F, CUR.maxFunc + 1 ) )
+ if ( BOUNDSL( F, CUR.maxFunc + 1 ) )
goto Fail;
/* Except for some old Apple fonts, all functions in a TrueType */
@@ -4755,7 +4756,7 @@
/* first of all, check the index */
F = args[1];
- if ( BOUNDS( F, CUR.maxFunc + 1 ) )
+ if ( BOUNDSL( F, CUR.maxFunc + 1 ) )
goto Fail;
/* Except for some old Apple fonts, all functions in a TrueType */
@@ -5030,7 +5031,7 @@
L = (FT_ULong)args[0];
- if ( BOUNDS( L, CUR.zp2.n_points ) )
+ if ( BOUNDSL( L, CUR.zp2.n_points ) )
{
if ( CUR.pedantic_hinting )
{
@@ -5114,8 +5115,8 @@
K = (FT_UShort)args[1];
L = (FT_UShort)args[0];
- if( BOUNDS( L, CUR.zp0.n_points ) ||
- BOUNDS( K, CUR.zp1.n_points ) )
+ if ( BOUNDS( L, CUR.zp0.n_points ) ||
+ BOUNDS( K, CUR.zp1.n_points ) )
{
if ( CUR.pedantic_hinting )
{
@@ -5769,12 +5770,12 @@
static void
Ins_SHZ( INS_ARG )
{
- TT_GlyphZoneRec zp;
- FT_UShort refp;
- FT_F26Dot6 dx,
- dy;
+ TT_GlyphZoneRec zp;
+ FT_UShort refp;
+ FT_F26Dot6 dx,
+ dy;
- FT_UShort last_point, i;
+ FT_UShort last_point, i;
if ( BOUNDS( args[0], 2 ) )
@@ -5976,8 +5977,8 @@
cvtEntry = (FT_ULong)args[1];
point = (FT_UShort)args[0];
- if ( BOUNDS( point, CUR.zp0.n_points ) ||
- BOUNDS( cvtEntry, CUR.cvtSize ) )
+ if ( BOUNDS( point, CUR.zp0.n_points ) ||
+ BOUNDSL( cvtEntry, CUR.cvtSize ) )
{
if ( CUR.pedantic_hinting )
CUR.error = TT_Err_Invalid_Reference;
@@ -6169,7 +6170,7 @@
/* XXX: UNDOCUMENTED! cvt[-1] = 0 always */
if ( BOUNDS( point, CUR.zp1.n_points ) ||
- BOUNDS( cvtEntry, CUR.cvtSize + 1 ) ||
+ BOUNDSL( cvtEntry, CUR.cvtSize + 1 ) ||
BOUNDS( CUR.GS.rp0, CUR.zp0.n_points ) )
{
if ( CUR.pedantic_hinting )
@@ -6420,8 +6421,8 @@
p1 = (FT_UShort)args[0];
p2 = (FT_UShort)args[1];
- if ( BOUNDS( args[0], CUR.zp1.n_points ) ||
- BOUNDS( args[1], CUR.zp0.n_points ) )
+ if ( BOUNDS( p1, CUR.zp1.n_points ) ||
+ BOUNDS( p2, CUR.zp0.n_points ) )
{
if ( CUR.pedantic_hinting )
CUR.error = TT_Err_Invalid_Reference;
@@ -6950,7 +6951,7 @@
A = (FT_ULong)CUR.stack[CUR.args + 1];
B = CUR.stack[CUR.args];
- if ( BOUNDS( A, CUR.cvtSize ) )
+ if ( BOUNDSL( A, CUR.cvtSize ) )
{
if ( CUR.pedantic_hinting )
{
diff --git a/freetype/src/truetype/ttinterp.h b/freetype/src/truetype/ttinterp.h
index 732a1f298..c480dfa50 100644
--- a/freetype/src/truetype/ttinterp.h
+++ b/freetype/src/truetype/ttinterp.h
@@ -150,7 +150,7 @@ FT_BEGIN_HEADER
FT_Bool step_ins; /* true if the interpreter must */
/* increment IP after ins. exec */
- FT_Long cvtSize;
+ FT_ULong cvtSize;
FT_Long* cvt;
FT_UInt glyphSize; /* glyph instructions buffer size */
diff --git a/freetype/src/type42/t42parse.c b/freetype/src/type42/t42parse.c
index de26a18dc..c06dc911e 100644
--- a/freetype/src/type42/t42parse.c
+++ b/freetype/src/type42/t42parse.c
@@ -4,7 +4,7 @@
/* */
/* Type 42 font parser (body). */
/* */
-/* Copyright 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009 by */
+/* Copyright 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010 by */
/* Roberto Alameda. */
/* */
/* This file is part of the FreeType project, and may only be used, */
@@ -577,6 +577,12 @@
}
string_size = T1_ToInt( parser );
+ if ( string_size < 0 )
+ {
+ FT_ERROR(( "t42_parse_sfnts: invalid string size\n" ));
+ error = T42_Err_Invalid_File_Format;
+ goto Fail;
+ }
T1_Skip_PS_Token( parser ); /* `RD' */
if ( parser->root.error )
@@ -584,13 +590,14 @@
string_buf = parser->root.cursor + 1; /* one space after `RD' */
- parser->root.cursor += string_size + 1;
- if ( parser->root.cursor >= limit )
+ if ( limit - parser->root.cursor < string_size )
{
FT_ERROR(( "t42_parse_sfnts: too many binary data\n" ));
error = T42_Err_Invalid_File_Format;
goto Fail;
}
+ else
+ parser->root.cursor += string_size + 1;
}
if ( !string_buf )
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-29 05:40:10 +0000