Previously, FreeType misleadingly returned
FT_Err_Unknown_File_Format if a module was missing (or a test was
missing completely).
* include/freetype/fterrdef.h (FT_Err_Missing_Module): Define.
* src/cff/cffobjs.c (cff_face_init), src/cid/cidobjs.c
(cid_face_init), src/sfnt/sfobjs.c (sfnt_init_face),
src/truetype/ttobjs.c (tt_face_init), src/type1/t1objs.c
(T1_Face_Init), src/type42/t42objs.c (T42_Face_Init,
T42_Driver_Init): Updated.
* src/type1/t1afm.c (T1_Read_Metrics), src/type/t1objs.c
(T1_Face_Init), src/type42/t42objs.c (T42_Face_Init): Remove now
redundant test for `psaux'.
This allows a Type 1 font face to be interrogated to retrieve most
of the dictionary keys (keys not relevant to FreeType's Type 1
interpreter are not available).
* include/freetype/internal/services/svpsinfo.h
(PS_GetFontValueFunc): New typedef.
(PSInfo): Add `ps_get_font_value'.
(FT_DEFINE_SERVICE_PSINFOREC): Updated.
* include/freetype/internal/t1types.h (T1_EncodingType): Moved to...
* include/freetype/t1tables.h: Here.
(PS_Dict_Keys): New enumeration.
(FT_Get_PS_Font_Value): New declaration.
* src/base/fttype1.c (FT_Get_PS_Font_Value): New function.
* src/type1/t1driver.c (t1_ps_get_font_value): This new function
does the real job.
(t1_service_ps_info): Add it.
* src/cff/cffdrivr.c (cff_service_ps_info), src/cid/cidriver.c
(cid_service_ps_info), src/type42/t42drivr.c (t42_service_ps_info):
Updated.
* src/cid/cidload.c (cid_load_keyword) <default>,
(parse_font_matrix, parse_expansion_factor): Correctly check number
of dictionaries.
(cid_read_subrs): Protect against invalid values of `num_subrs'.
Assure that the elements of the `offsets' array are ascending.
* src/base/ftbase.h (raccess_rule_by_darwin_vfs): Do not declare
it on native Mac OS X.
* src/base/ftrfork.c (raccess_get_rule_type_from_rule_index):
Hide raccess_get_rule_type_from_rule_index() on native Mac OS X
too.
* include/freetype/config/ftstdlib.h (FT_USHORT_MAX): New macro.
* src/base/ftbitmap.c (FT_Bitmap_Convert): Protect against invalid
value of `target->rows'.
* src/psaux/t1decode.c (t1_decoder_parse_charstrings): Add check for
flex start.
* src/raster/ftrend1.c (ft_raster1_render): Check `width' and
`height'.
* src/truetype/ttgxvar.c (TT_Vary_Get_Glyph_Deltas): Protect against
invalid values in `localpoints' array.
Problem reported by Nicolas Rougier <Nicolas.Rougier@inria.fr>.
* src/tools/glnames.py (adobe_glyph_list): Add data from AGL's
`zapfdingbats.txt' file.
* src/psnames/pstables.h: Regenerated.
* src/lzw/ftzopen.c (ft_lzwstate_io) <FT_LZW_PHASE_CODE>:
Ensure that subsequent (modulo garbage byte(s)) LZW_CLEAR codes are
handled as clear codes. This also re-sets old_code and old_char to
predictable values, which is a little better than using `random'
ones if the code following LZW_CLEAR is invalid.
Stack larger than 1<<LZW_MAX_BITS is never needed if prefix table is
constructed correctly. It's even less than that, see e.g.
libarchive code comment for a better size upper bound:
http://code.google.com/p/libarchive/source/browse/trunk/libarchive/archive_read_support_filter_compress.c?r=3635#121
This patch adds explicit stack size limit, enforced when stack is
realloced.
An alternative is to ensure that code < state->prefix[code - 256]
when traversing prefix table. Such check is less efficient and
should not be required if prefix table is constructed correctly in
the first place.
* src/lzw/ftzopen.c (ft_lzwstate_stack_grow): Implement it.
LZW decompressor did not sufficiently check codes read from the
input LZW stream. A specially-crafted or corrupted input could
create a loop in the prefix table, which leads to memory usage
spikes, as there's no decompression stack size limit.
* src/lzw/ftzopen.c (ft_lzwstate_io) <FT_LZW_PHASE_START>: First
code in valid LZW stream must be 0..255.
<FT_LZW_PHASE_CODE>: In the special KwKwK case, code == free_ent,
code > free_ent is invalid.
* src/cff/cfftypes.h (CFF_FontRecDictRec): New member
`has_font_matrix'.
* src/cff/cffparse.c (cff_parse_font_matrix): Set it.
Update tracing output.
* src/cff/cffobjs.c (cff_face_init): Use it so that the heuristics
can be removed.
Found with font fuzzying.
* src/psaux/t1decode.c (t1_decoder_parse_charstrings): Check
`decoder->buildchar'.
* src/type1/t1load.c (t1_load_keyword): Check `blend->num_designs'.
When shifting right a signed value, it is not defined by the
C standard whether one gets a sign extension or not. Use a macro to
do an explicit cast from a signed short (assuming that this is
16bit) to an int.
* src/psaux/t1decode.c (Fix2Int): New macro.
Use it where appropriate.