From 47ed6413ce8f2586b8d542dc46055e075a47022e Mon Sep 17 00:00:00 2001 From: marha Date: Fri, 6 Aug 2010 10:14:25 +0000 Subject: Updated to freetype 2.4.1 --- freetype/src/cff/cffgload.c | 47 ++++++++++++++++++++++++++++----------------- 1 file changed, 29 insertions(+), 18 deletions(-) (limited to 'freetype/src/cff/cffgload.c') diff --git a/freetype/src/cff/cffgload.c b/freetype/src/cff/cffgload.c index 9330c0588..347041cfe 100644 --- a/freetype/src/cff/cffgload.c +++ b/freetype/src/cff/cffgload.c @@ -22,7 +22,6 @@ #include FT_INTERNAL_STREAM_H #include FT_INTERNAL_SFNT_H #include FT_OUTLINE_H -#include FT_INTERNAL_POSTSCRIPT_HINTS_H #include "cffobjs.h" #include "cffload.h" @@ -394,7 +393,7 @@ /* initialize Type2 decoder */ decoder->cff = cff; - decoder->num_globals = cff->num_global_subrs; + decoder->num_globals = cff->global_subrs_index.count; decoder->globals = cff->global_subrs; decoder->globals_bias = cff_compute_bias( cff->top_font.font_dict.charstring_type, @@ -430,7 +429,7 @@ goto Exit; } - FT_TRACE4(( "glyph index %d (subfont %d):\n", glyph_index, fd_index )); + FT_TRACE3(( "glyph index %d (subfont %d):\n", glyph_index, fd_index )); sub = cff->subfonts[fd_index]; @@ -445,10 +444,10 @@ } #ifdef FT_DEBUG_LEVEL_TRACE else - FT_TRACE4(( "glyph index %d:\n", glyph_index )); + FT_TRACE3(( "glyph index %d:\n", glyph_index )); #endif - decoder->num_locals = sub->num_local_subrs; + decoder->num_locals = sub->local_subrs_index.count; decoder->locals = sub->local_subrs; decoder->locals_bias = cff_compute_bias( decoder->cff->top_font.font_dict.charstring_type, @@ -812,10 +811,10 @@ charstring_len ); decoder->seac = FALSE; + cff_free_glyph_data( face, &charstring, charstring_len ); + if ( error ) goto Exit; - - cff_free_glyph_data( face, &charstring, charstring_len ); } /* Save the left bearing, advance and glyph width of the base */ @@ -842,10 +841,10 @@ charstring_len ); decoder->seac = FALSE; + cff_free_glyph_data( face, &charstring, charstring_len ); + if ( error ) goto Exit; - - cff_free_glyph_data( face, &charstring, charstring_len ); } /* Restore the left side bearing, advance and glyph width */ @@ -1340,6 +1339,14 @@ decoder->num_hints += num_args / 2; } + /* In a valid charstring there must be at least one byte */ + /* after `hintmask' or `cntrmask' (e.g., for a `return' */ + /* instruction). Additionally, there must be space for */ + /* `num_hints' bits. */ + + if ( ( ip + ( ( decoder->num_hints + 7 ) >> 3 ) ) >= limit ) + goto Syntax_Error; + if ( hinter ) { if ( op == cff_op_hintmask ) @@ -1358,20 +1365,18 @@ FT_UInt maskbyte; - FT_TRACE4(( " (maskbytes: " )); + FT_TRACE4(( " (maskbytes:" )); for ( maskbyte = 0; - maskbyte < (FT_UInt)(( decoder->num_hints + 7 ) >> 3); + maskbyte < (FT_UInt)( ( decoder->num_hints + 7 ) >> 3 ); maskbyte++, ip++ ) - FT_TRACE4(( "0x%02X", *ip )); + FT_TRACE4(( " 0x%02X", *ip )); FT_TRACE4(( ")\n" )); } #else ip += ( decoder->num_hints + 7 ) >> 3; #endif - if ( ip >= limit ) - goto Syntax_Error; args = stack; break; @@ -2276,6 +2281,8 @@ /* this is the implementation described for `unknown' other */ /* subroutines in the Type1 spec. */ args -= 2 + ( args[-2] >> 16 ); + if ( args < stack ) + goto Stack_Underflow; break; case cff_op_pop: @@ -2668,11 +2675,15 @@ /* this scaling is only relevant if the PS hinter isn't active */ if ( cff->num_subfonts ) { - FT_Byte fd_index = cff_fd_select_get( &cff->fd_select, - glyph_index ); + FT_ULong top_upm, sub_upm; + FT_Byte fd_index = cff_fd_select_get( &cff->fd_select, + glyph_index ); + + if ( fd_index >= cff->num_subfonts ) + fd_index = cff->num_subfonts - 1; - FT_ULong top_upm = cff->top_font.font_dict.units_per_em; - FT_ULong sub_upm = cff->subfonts[fd_index]->font_dict.units_per_em; + top_upm = cff->top_font.font_dict.units_per_em; + sub_upm = cff->subfonts[fd_index]->font_dict.units_per_em; font_matrix = cff->subfonts[fd_index]->font_dict.font_matrix; -- cgit v1.2.3