Commit 33febc0fb224ae834bec9d7953c6b8c6e40aecf6

Werner Lemberg 2004-10-09T07:07:43

* docs/CHANGES: Updated. Fix handling of NPUSHW if skipped in data stream. * src/truetype/ttinterp.c (opcode_length): Set value for NPUSHW to -2. (SkipCode, TT_RunIns): Use opcode_length value for computation of bytes to be skipped.

diff --git a/ChangeLog b/ChangeLog
index db5f303..dd0ce57 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,16 @@
+2004-10-09  Werner Lemberg  <wl@gnu.org>
+
+	* docs/CHANGES: Updated.
+
+2004-10-09  Boris Letocha  <b.letocha@cz.gmc.net>
+
+	Fix handling of NPUSHW if skipped in data stream.
+
+	* src/truetype/ttinterp.c (opcode_length): Set value for NPUSHW
+	to -2.
+	(SkipCode, TT_RunIns): Use opcode_length value for computation of
+	bytes to be skipped.
+
 2004-09-10  Jouk Jansen  <joukj@hrem.stm.tudelft.nl>
 
 	* vms_make.com: Updated.
diff --git a/docs/CHANGES b/docs/CHANGES
index 5bcadd5..da17bdc 100644
--- a/docs/CHANGES
+++ b/docs/CHANGES
@@ -9,6 +9,10 @@ LATEST CHANGES BETWEEN 2.1.10 and 2.1.9
 
     - The stroker still had some serious bugs.
 
+    - Boris  Letocha  fixed a  bug in  the  TrueType interpreter:  The
+      NPUSHW instruction wasn't skipped correctly in IF clauses.  Some
+      fonts like `Helvetica 75 Bold' failed.
+
 
   II. IMPORTANT CHANGES
 
@@ -26,7 +30,7 @@ LATEST CHANGES BETWEEN 2.1.10 and 2.1.9
     - A new API `FT_OpenType_Validate' (in FT_OPENTYPE_VALIDATE_H) has
       been added to validate OpenType tables  (BASE, GDEF, GPOS, GSUB,
       JSTF).   After validation  it is  no longer  necessary to  check
-      for errors in those tables.
+      for errors in those tables while accessing them.
 
 
 LATEST CHANGES BETWEEN 2.1.9 and 2.1.8
diff --git a/src/truetype/ttinterp.c b/src/truetype/ttinterp.c
index e3fc671..ec8daae 100644
--- a/src/truetype/ttinterp.c
+++ b/src/truetype/ttinterp.c
@@ -844,22 +844,17 @@
   /*************************************************************************/
   /*                                                                       */
   /* Before an opcode is executed, the interpreter verifies that there are */
-  /* enough arguments on the stack, with the help of the Pop_Push_Count    */
+  /* enough arguments on the stack, with the help of the `Pop_Push_Count'  */
   /* table.                                                                */
   /*                                                                       */
   /* For each opcode, the first column gives the number of arguments that  */
   /* are popped from the stack; the second one gives the number of those   */
   /* that are pushed in result.                                            */
   /*                                                                       */
-  /* Note that for opcodes with a varying number of parameters, either 0   */
-  /* or 1 arg is verified before execution, depending on the nature of the */
-  /* instruction:                                                          */
-  /*                                                                       */
-  /* - if the number of arguments is given by the bytecode stream or the   */
-  /*   loop variable, 0 is chosen.                                         */
-  /*                                                                       */
-  /* - if the first argument is a count n that is followed by arguments    */
-  /*   a1 .. an, then 1 is chosen.                                         */
+  /* Opcodes which have a varying number of parameters in the data stream  */
+  /* (NPUSHB, NPUSHW) are handled specially; they have a negative value in */
+  /* the `opcode_length' table, and the value in `Pop_Push_Count' is set   */
+  /* to zero.                                                              */
   /*                                                                       */
   /*************************************************************************/
 
@@ -1156,7 +1151,7 @@
     1, 1, 1, 1,  1, 1, 1, 1,  1, 1, 1, 1,  1, 1, 1, 1,
     1, 1, 1, 1,  1, 1, 1, 1,  1, 1, 1, 1,  1, 1, 1, 1,
 
-   -1,-1, 1, 1,  1, 1, 1, 1,  1, 1, 1, 1,  1, 1, 1, 1,
+   -1,-2, 1, 1,  1, 1, 1, 1,  1, 1, 1, 1,  1, 1, 1, 1,
     1, 1, 1, 1,  1, 1, 1, 1,  1, 1, 1, 1,  1, 1, 1, 1,
     1, 1, 1, 1,  1, 1, 1, 1,  1, 1, 1, 1,  1, 1, 1, 1,
     1, 1, 1, 1,  1, 1, 1, 1,  1, 1, 1, 1,  1, 1, 1, 1,
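Review bot: The `-1,-2` entries now carry information in their magnitude, but nothing beside the table says so, and the header comment changed earlier in this file only states that the value is negative. Both length computations changed in this commit multiply by the entry, so a later edit that treats any negative value as a plain "variable length" flag would silently break skipping again. I would add a comment above this row such as `/* NPUSHB, NPUSHW: minus the size in bytes of each inline data item */`. The table's declaration and its end lie outside the hunk.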
@@ -4161,7 +4156,7 @@
       {
         if ( CUR.IP + 1 > CUR.codeSize )
           goto Fail_Overflow;
-        CUR.length = CUR.code[CUR.IP + 1] + 2;
+        CUR.length = 2 - CUR.length * CUR.code[CUR.IP + 1];
       }
 
       if ( CUR.IP + CUR.length <= CUR.codeSize )
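Review bot: The guard `if ( CUR.IP + 1 > CUR.codeSize )` still lets `CUR.IP + 1 == CUR.codeSize` through, and the rewritten line then reads `CUR.code[CUR.IP + 1]`, which would be one byte past the end if `codeSize` is the number of bytes in `CUR.code` (its definition is not visible here). The bytecode comes from the font file, so a program that ends right after an NPUSHB or NPUSHW opcode reaches this path, and the length check that follows can reject it only after the read has happened. Tightening the test to `if ( CUR.IP + 1 >= CUR.codeSize )` closes that gap; the same applies to the identical guard in the last hunk, the one that jumps to `LErrorCodeOverflow_`. The enclosing function and the condition that opens this block are outside the hunk.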
@@ -7044,7 +7039,7 @@
         if ( CUR.IP + 1 > CUR.codeSize )
           goto LErrorCodeOverflow_;
 
-        CUR.length = CUR.code[CUR.IP + 1] + 2;
+        CUR.length = 2 - CUR.length * CUR.code[CUR.IP + 1];
       }
 
       if ( CUR.IP + CUR.length > CUR.codeSize )