* docs/CHANGES: Updated. Fix handling of NPUSHW if skipped in data stream. * src/truetype/ttinterp.c (opcode_length): Set value for NPUSHW to -2. (SkipCode, TT_RunIns): Use opcode_length value for computation of bytes to be skipped.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104
diff --git a/ChangeLog b/ChangeLog
index db5f303..dd0ce57 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,16 @@
+2004-10-09 Werner Lemberg <wl@gnu.org>
+
+ * docs/CHANGES: Updated.
+
+2004-10-09 Boris Letocha <b.letocha@cz.gmc.net>
+
+ Fix handling of NPUSHW if skipped in data stream.
+
+ * src/truetype/ttinterp.c (opcode_length): Set value for NPUSHW
+ to -2.
+ (SkipCode, TT_RunIns): Use opcode_length value for computation of
+ bytes to be skipped.
+
2004-09-10 Jouk Jansen <joukj@hrem.stm.tudelft.nl>
* vms_make.com: Updated.
diff --git a/docs/CHANGES b/docs/CHANGES
index 5bcadd5..da17bdc 100644
--- a/docs/CHANGES
+++ b/docs/CHANGES
@@ -9,6 +9,10 @@ LATEST CHANGES BETWEEN 2.1.10 and 2.1.9
- The stroker still had some serious bugs.
+ - Boris Letocha fixed a bug in the TrueType interpreter: The
+ NPUSHW instruction wasn't skipped correctly in IF clauses. Some
+ fonts like `Helvetica 75 Bold' failed.
+
II. IMPORTANT CHANGES
@@ -26,7 +30,7 @@ LATEST CHANGES BETWEEN 2.1.10 and 2.1.9
- A new API `FT_OpenType_Validate' (in FT_OPENTYPE_VALIDATE_H) has
been added to validate OpenType tables (BASE, GDEF, GPOS, GSUB,
JSTF). After validation it is no longer necessary to check
- for errors in those tables.
+ for errors in those tables while accessing them.
LATEST CHANGES BETWEEN 2.1.9 and 2.1.8
diff --git a/src/truetype/ttinterp.c b/src/truetype/ttinterp.c
index e3fc671..ec8daae 100644
--- a/src/truetype/ttinterp.c
+++ b/src/truetype/ttinterp.c
@@ -844,22 +844,17 @@
/*************************************************************************/
/* */
/* Before an opcode is executed, the interpreter verifies that there are */
- /* enough arguments on the stack, with the help of the Pop_Push_Count */
+ /* enough arguments on the stack, with the help of the `Pop_Push_Count' */
/* table. */
/* */
/* For each opcode, the first column gives the number of arguments that */
/* are popped from the stack; the second one gives the number of those */
/* that are pushed in result. */
/* */
- /* Note that for opcodes with a varying number of parameters, either 0 */
- /* or 1 arg is verified before execution, depending on the nature of the */
- /* instruction: */
- /* */
- /* - if the number of arguments is given by the bytecode stream or the */
- /* loop variable, 0 is chosen. */
- /* */
- /* - if the first argument is a count n that is followed by arguments */
- /* a1 .. an, then 1 is chosen. */
+ /* Opcodes which have a varying number of parameters in the data stream */
+ /* (NPUSHB, NPUSHW) are handled specially; they have a negative value in */
+ /* the `opcode_length' table, and the value in `Pop_Push_Count' is set */
+ /* to zero. */
/* */
/*************************************************************************/
@@ -1156,7 +1151,7 @@
1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
- -1,-1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
+ -1,-2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
@@ -4161,7 +4156,7 @@
{
if ( CUR.IP + 1 > CUR.codeSize )
goto Fail_Overflow;
- CUR.length = CUR.code[CUR.IP + 1] + 2;
+ CUR.length = 2 - CUR.length * CUR.code[CUR.IP + 1];
}
if ( CUR.IP + CUR.length <= CUR.codeSize )
@@ -7044,7 +7039,7 @@
if ( CUR.IP + 1 > CUR.codeSize )
goto LErrorCodeOverflow_;
- CUR.length = CUR.code[CUR.IP + 1] + 2;
+ CUR.length = 2 - CUR.length * CUR.code[CUR.IP + 1];
}
if ( CUR.IP + CUR.length > CUR.codeSize )