Commit 6fd9512aff9a04d4ecd994d9580736bf6b1726e1
2003-12-31T07:51:30
* src/truetype/ttgload.c (TT_Load_Simple_Glyph): Handle `repeated flags set' correctly. * src/cff/cffobjs.c (cff_face_init): Fix memory leak by deallocating `full' and `weight' properly. * src/cff/cffgload.c (cff_decoder_parse_charstrings) <cff_op_hintmask> [FT_DEBUG_LEVEL_TRACE]: Use `0x' as prefix for tracing output.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185
diff --git a/ChangeLog b/ChangeLog
index 7d37368..45c195f 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,16 @@
+2003-12-29 Smith Charles <smith.charles@free.fr>
+
+ * src/truetype/ttgload.c (TT_Load_Simple_Glyph): Handle `repeated
+ flags set' correctly.
+
+2003-12-29 Werner Lemberg <wl@gnu.org>
+
+ * src/cff/cffobjs.c (cff_face_init): Fix memory leak by deallocating
+ `full' and `weight' properly.
+ * src/cff/cffgload.c (cff_decoder_parse_charstrings)
+ <cff_op_hintmask> [FT_DEBUG_LEVEL_TRACE]: Use `0x' as prefix for
+ tracing output.
+
2003-12-26 Werner Lemberg <wl@gnu.org>
* include/freetype/internal/sfnt.h (TT_Set_SBit_Strike_Func):
diff --git a/src/cff/cffgload.c b/src/cff/cffgload.c
index a56ee28..7b25915 100644
--- a/src/cff/cffgload.c
+++ b/src/cff/cffgload.c
@@ -1227,7 +1227,7 @@
for ( maskbyte = 0;
maskbyte < (FT_UInt)(( decoder->num_hints + 7 ) >> 3);
maskbyte++, ip++ )
- FT_TRACE4(( "%02X", *ip ));
+ FT_TRACE4(( "0x%02X", *ip ));
}
#else
ip += ( decoder->num_hints + 7 ) >> 3;
diff --git a/src/cff/cffobjs.c b/src/cff/cffobjs.c
index 8d45165..6abb84b 100644
--- a/src/cff/cffobjs.c
+++ b/src/cff/cffobjs.c
@@ -376,7 +376,7 @@
if ( pure_cff )
{
- char* style_name;
+ char* style_name = NULL;
/* Set up num_faces. */
@@ -413,36 +413,37 @@
root->family_name = cff_index_get_name( &cff->name_index,
face_index );
- /* assume "Regular" style if we don't know better */
- style_name = (char *)"Regular";
-
if ( root->family_name )
{
char* full = cff_index_get_sid_string( &cff->string_index,
dict->full_name,
psnames );
+ char* fullp = full;
char* family = root->family_name;
if ( full )
{
- while ( *full )
+ while ( *fullp )
{
- if ( *full == *family )
+ if ( *fullp == *family )
{
family++;
- full++;
+ fullp++;
}
else
{
- if ( *full == ' ' || *full == '-' )
- full++;
+ if ( *fullp == ' ' || *fullp == '-' )
+ fullp++;
else if ( *family == ' ' || *family == '-' )
family++;
else
{
if ( !*family )
- style_name = full;
+ {
+ style_name = cff_strcpy( memory, fullp );
+ FT_FREE( full );
+ }
break;
}
}
@@ -462,7 +463,11 @@
root->family_name = cid_font_name;
}
- root->style_name = cff_strcpy( memory, style_name );
+ if ( style_name )
+ root->style_name = style_name;
+ else
+ /* assume "Regular" style if we don't know better */
+ root->style_name = cff_strcpy( memory, (char *)"Regular" );
/*******************************************************************/
/* */
@@ -506,6 +511,7 @@
if ( !ft_strcmp( weight, "Bold" ) ||
!ft_strcmp( weight, "Black" ) )
flags |= FT_STYLE_FLAG_BOLD;
+ FT_FREE( weight );
}
root->style_flags = flags;
diff --git a/src/truetype/ttgload.c b/src/truetype/ttgload.c
index 78eb41a..8ff3e6b 100644
--- a/src/truetype/ttgload.c
+++ b/src/truetype/ttgload.c
@@ -296,6 +296,7 @@
FT_Byte *flag, *flag_limit;
FT_Byte c, count;
+ FT_Int n_xlimit;
FT_Vector *vec, *vec_limit;
FT_Pos x;
FT_Short *cont, *cont_limit;
@@ -368,10 +369,36 @@
stream->cursor += (FT_Int)n_ins;
/* reading the point tags */
+
+ /*********************************************************************/
+ /* */
+ /* NOTE: */
+ /* */
+ /* Microsoft documentation says: */
+ /* */
+ /* BYTE flags[n] Array of flags for each coordinate in outline; */
+ /* `n' is the number of flags. */
+ /* (But it doesn't say where the `n' comes from.) */
+ /* */
+ /* Apple documentation says: */
+ /* */
+ /* uint8 flags[variable] Array of flags. */
+ /* (Again it doesn't say where the */
+ /* `variable' comes from) */
+ /* */
+ /* Most of the time, `n' = `variable' = n_points. But if a */
+ /* `repeated flags set' is found (`c & 8' below) the number of */
+ /* flags sets is smaller than n_points. So we must carefully read */
+ /* the flags, avoiding to read beyond the limit of actually stored */
+ /* bytes. */
+
flag = (FT_Byte*)outline->tags;
flag_limit = flag + n_points;
- while ( flag < flag_limit )
+ /* scan and expand the flags to reach the first xCoordinate */
+ n_xlimit = n_points; /* this is a safety limit for reading */
+
+ for ( ; n_xlimit > 0; n_xlimit-- )
{
if ( --byte_len < 0 )
goto Invalid_Outline;
@@ -386,11 +413,19 @@
if ( flag + (FT_Int)count > flag_limit )
goto Invalid_Outline;
+ /* adjust n_xlimit by removing the repeated sets */
+ /* from the safety limit */
+ n_xlimit -= count;
+
for ( ; count > 0; count-- )
*flag++ = c;
}
}
+ /* check that each point has an associated flags set */
+ if ( flag != flag_limit )
+ goto Invalid_Outline;
+
/* check that there is enough room to load the coordinates */
for ( flag = (FT_Byte*)outline->tags; flag < flag_limit; flag++ )
{