From 295ffce55e0198e7a9f7d46b33f5c2b4147bf821 Mon Sep 17 00:00:00 2001 From: David 'Digit' Turner Date: Wed, 3 Mar 2010 14:24:57 -0800 Subject: Update to FreeType 2.3.12 --- src/truetype/ttinterp.c | 54 +++++++++++++++++++++++++++++++------------------ 1 file changed, 34 insertions(+), 20 deletions(-) (limited to 'src/truetype/ttinterp.c') diff --git a/src/truetype/ttinterp.c b/src/truetype/ttinterp.c index 2279a62..13aa9a2 100644 --- a/src/truetype/ttinterp.c +++ b/src/truetype/ttinterp.c @@ -791,9 +791,9 @@ /* allocate object */ if ( FT_NEW( exec ) ) - goto Exit; + goto Fail; - /* initialize it */ + /* initialize it; in case of error this deallocates `exec' too */ error = Init_Context( exec, memory ); if ( error ) goto Fail; @@ -802,13 +802,10 @@ driver->context = exec; } - Exit: return driver->context; Fail: - FT_FREE( exec ); - - return 0; + return NULL; } @@ -2197,7 +2194,7 @@ FT_ASSERT( !CUR.face->unpatented_hinting ); #endif - return TT_DotFix14( dx, dy, + return TT_DotFix14( (FT_UInt32)dx, (FT_UInt32)dy, CUR.GS.projVector.x, CUR.GS.projVector.y ); } @@ -2223,7 +2220,7 @@ Dual_Project( EXEC_OP_ FT_Pos dx, FT_Pos dy ) { - return TT_DotFix14( dx, dy, + return TT_DotFix14( (FT_UInt32)dx, (FT_UInt32)dy, CUR.GS.dualVector.x, CUR.GS.dualVector.y ); } @@ -4293,13 +4290,21 @@ CUR.numFDefs++; } + /* Although FDEF takes unsigned 32-bit integer, */ + /* func # must be within unsigned 16-bit integer */ + if ( n > 0xFFFFU ) + { + CUR.error = TT_Err_Too_Many_Function_Defs; + return; + } + rec->range = CUR.curRange; - rec->opc = n; + rec->opc = (FT_UInt16)n; rec->start = CUR.IP + 1; rec->active = TRUE; if ( n > CUR.maxFunc ) - CUR.maxFunc = n; + CUR.maxFunc = (FT_UInt16)n; /* Now skip the whole function definition. */ /* We don't allow nested IDEFS & FDEFs. */ @@ -4556,13 +4561,20 @@ CUR.numIDefs++; } - def->opc = args[0]; + /* opcode must be unsigned 8-bit integer */ + if ( 0 > args[0] || args[0] > 0x00FF ) + { + CUR.error = TT_Err_Too_Many_Instruction_Defs; + return; + } + + def->opc = (FT_Byte)args[0]; def->start = CUR.IP+1; def->range = CUR.curRange; def->active = TRUE; if ( (FT_ULong)args[0] > CUR.maxIns ) - CUR.maxIns = args[0]; + CUR.maxIns = (FT_Byte)args[0]; /* Now skip the whole function definition. */ /* We don't allow nested IDEFs & FDEFs. */ @@ -5530,20 +5542,20 @@ { if ( CUR.GS.both_x_axis ) { - dx = TT_MulFix14( args[0], 0x4000 ); + dx = TT_MulFix14( (FT_UInt32)args[0], 0x4000 ); dy = 0; } else { dx = 0; - dy = TT_MulFix14( args[0], 0x4000 ); + dy = TT_MulFix14( (FT_UInt32)args[0], 0x4000 ); } } else #endif { - dx = TT_MulFix14( args[0], CUR.GS.freeVector.x ); - dy = TT_MulFix14( args[0], CUR.GS.freeVector.y ); + dx = TT_MulFix14( (FT_UInt32)args[0], CUR.GS.freeVector.x ); + dy = TT_MulFix14( (FT_UInt32)args[0], CUR.GS.freeVector.y ); } while ( CUR.GS.loop > 0 ) @@ -5709,8 +5721,8 @@ if ( CUR.GS.gep0 == 0 ) /* If in twilight zone */ { - CUR.zp0.org[point].x = TT_MulFix14( distance, CUR.GS.freeVector.x ); - CUR.zp0.org[point].y = TT_MulFix14( distance, CUR.GS.freeVector.y ), + CUR.zp0.org[point].x = TT_MulFix14( (FT_UInt32)distance, CUR.GS.freeVector.x ); + CUR.zp0.org[point].y = TT_MulFix14( (FT_UInt32)distance, CUR.GS.freeVector.y ), CUR.zp0.cur[point] = CUR.zp0.org[point]; } @@ -5897,10 +5909,12 @@ if ( CUR.GS.gep1 == 0 ) { CUR.zp1.org[point].x = CUR.zp0.org[CUR.GS.rp0].x + - TT_MulFix14( cvt_dist, CUR.GS.freeVector.x ); + TT_MulFix14( (FT_UInt32)cvt_dist, + CUR.GS.freeVector.x ); CUR.zp1.org[point].y = CUR.zp0.org[CUR.GS.rp0].y + - TT_MulFix14( cvt_dist, CUR.GS.freeVector.y ); + TT_MulFix14( (FT_UInt32)cvt_dist, + CUR.GS.freeVector.y ); CUR.zp1.cur[point] = CUR.zp0.cur[point]; } -- cgit v1.2.3