From aeb407daf3711a10a27f3bc2223c5eb05158076e Mon Sep 17 00:00:00 2001 From: David 'Digit' Turner Date: Wed, 17 Aug 2011 18:21:28 +0200 Subject: Update to FreeType 2.4.6+ This patch updates our copy of the FreeType sources to 2.4.6+. More precisely, it contains source code corresponding to the state of the upstream repository at the following hash submitted on August 16 2001: c3fb981e2ac79acad09d5673352646696472f55e This corresponds to 2.4.6 with 7 more patches applied on top of it to fix bugs in the TrueType interpreter and the CFF parser. Change-Id: I9f3ac736d616020c8d10fd1d4e4be466f35fb6e7 --- src/truetype/ttinterp.c | 318 +++++++++++++++++++++++++++++------------------- 1 file changed, 194 insertions(+), 124 deletions(-) (limited to 'src/truetype/ttinterp.c') diff --git a/src/truetype/ttinterp.c b/src/truetype/ttinterp.c index f55b8ee..6c4eed6 100644 --- a/src/truetype/ttinterp.c +++ b/src/truetype/ttinterp.c @@ -4,8 +4,7 @@ /* */ /* TrueType bytecode interpreter (body). */ /* */ -/* Copyright 1996-2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, */ -/* 2010 */ +/* Copyright 1996-2011 */ /* by David Turner, Robert Wilhelm, and Werner Lemberg. */ /* */ /* This file is part of the FreeType project, and may only be used, */ @@ -17,6 +16,10 @@ /***************************************************************************/ +/* Greg Hitchcock from Microsoft has helped a lot in resolving unclear */ +/* issues; many thanks! */ + + #include #include FT_INTERNAL_DEBUG_H #include FT_INTERNAL_CALC_H @@ -665,9 +668,9 @@ FT_Int i; - /* XXXX: Will probably disappear soon with all the code range */ - /* management, which is now rather obsolete. */ - /* */ + /* XXX: Will probably disappear soon with all the code range */ + /* management, which is now rather obsolete. */ + /* */ size->num_function_defs = exec->numFDefs; size->num_instruction_defs = exec->numIDefs; @@ -986,8 +989,8 @@ /* INS_$83 */ PACK( 0, 0 ), /* INS_$84 */ PACK( 0, 0 ), /* ScanCTRL */ PACK( 1, 0 ), - /* SDVPTL[0] */ PACK( 2, 0 ), - /* SDVPTL[1] */ PACK( 2, 0 ), + /* SDPVTL[0] */ PACK( 2, 0 ), + /* SDPVTL[1] */ PACK( 2, 0 ), /* GetINFO */ PACK( 1, 1 ), /* IDEF */ PACK( 1, 0 ), /* ROLL */ PACK( 3, 3 ), @@ -2842,6 +2845,17 @@ A = p1->x - p2->x; B = p1->y - p2->y; + /* If p1 == p2, SPVTL and SFVTL behave the same as */ + /* SPVTCA[X] and SFVTCA[X], respectively. */ + /* */ + /* Confirmed by Greg Hitchcock. */ + + if ( A == 0 && B == 0 ) + { + A = 0x4000; + aOpc = 0; + } + if ( ( aOpc & 1 ) != 0 ) { C = B; /* counter clockwise rotation */ @@ -3167,44 +3181,54 @@ args[0] = CUR.top; -#define DO_CINDEX \ - { \ - FT_Long L; \ - \ - \ - L = args[0]; \ - \ - if ( L <= 0 || L > CUR.args ) \ - CUR.error = TT_Err_Invalid_Reference; \ - else \ - args[0] = CUR.stack[CUR.args - L]; \ - } - - -#define DO_JROT \ - if ( args[1] != 0 ) \ - { \ - CUR.IP += args[0]; \ - if ( CUR.IP < 0 ) \ - CUR.error = TT_Err_Bad_Argument; \ - CUR.step_ins = FALSE; \ - } - - -#define DO_JMPR \ - CUR.IP += args[0]; \ - if ( CUR.IP < 0 ) \ - CUR.error = TT_Err_Bad_Argument; \ +#define DO_CINDEX \ + { \ + FT_Long L; \ + \ + \ + L = args[0]; \ + \ + if ( L <= 0 || L > CUR.args ) \ + { \ + if ( CUR.pedantic_hinting ) \ + CUR.error = TT_Err_Invalid_Reference; \ + args[0] = 0; \ + } \ + else \ + args[0] = CUR.stack[CUR.args - L]; \ + } + + +#define DO_JROT \ + if ( args[1] != 0 ) \ + { \ + if ( args[0] == 0 && CUR.args == 0 ) \ + CUR.error = TT_Err_Bad_Argument; \ + CUR.IP += args[0]; \ + if ( CUR.IP < 0 ) \ + CUR.error = TT_Err_Bad_Argument; \ + CUR.step_ins = FALSE; \ + } + + +#define DO_JMPR \ + if ( args[0] == 0 && CUR.args == 0 ) \ + CUR.error = TT_Err_Bad_Argument; \ + CUR.IP += args[0]; \ + if ( CUR.IP < 0 ) \ + CUR.error = TT_Err_Bad_Argument; \ CUR.step_ins = FALSE; -#define DO_JROF \ - if ( args[1] == 0 ) \ - { \ - CUR.IP += args[0]; \ - if ( CUR.IP < 0 ) \ - CUR.error = TT_Err_Bad_Argument; \ - CUR.step_ins = FALSE; \ +#define DO_JROF \ + if ( args[1] == 0 ) \ + { \ + if ( args[0] == 0 && CUR.args == 0 ) \ + CUR.error = TT_Err_Bad_Argument; \ + CUR.IP += args[0]; \ + if ( CUR.IP < 0 ) \ + CUR.error = TT_Err_Bad_Argument; \ + CUR.step_ins = FALSE; \ } @@ -4386,17 +4410,19 @@ if ( L <= 0 || L > CUR.args ) { - CUR.error = TT_Err_Invalid_Reference; - return; + if ( CUR.pedantic_hinting ) + CUR.error = TT_Err_Invalid_Reference; } + else + { + K = CUR.stack[CUR.args - L]; - K = CUR.stack[CUR.args - L]; - - FT_ARRAY_MOVE( &CUR.stack[CUR.args - L ], - &CUR.stack[CUR.args - L + 1], - ( L - 1 ) ); + FT_ARRAY_MOVE( &CUR.stack[CUR.args - L ], + &CUR.stack[CUR.args - L + 1], + ( L - 1 ) ); - CUR.stack[CUR.args - 1] = K; + CUR.stack[CUR.args - 1] = K; + } } @@ -5039,12 +5065,8 @@ if ( BOUNDSL( L, CUR.zp2.n_points ) ) { if ( CUR.pedantic_hinting ) - { CUR.error = TT_Err_Invalid_Reference; - return; - } - else - R = 0; + R = 0; } else { @@ -5088,8 +5110,8 @@ CUR_Func_move( &CUR.zp2, L, args[1] - K ); - /* not part of the specs, but here for safety */ - + /* UNDOCUMENTED! The MS rasterizer does that with */ + /* twilight points (confirmed by Greg Hitchcock) */ if ( CUR.GS.gep2 == 0 ) CUR.zp2.org[L] = CUR.zp2.cur[L]; } @@ -5124,10 +5146,7 @@ BOUNDS( K, CUR.zp1.n_points ) ) { if ( CUR.pedantic_hinting ) - { CUR.error = TT_Err_Invalid_Reference; - return; - } D = 0; } else @@ -5173,7 +5192,8 @@ Ins_SDPVTL( INS_ARG ) { FT_Long A, B, C; - FT_UShort p1, p2; /* was FT_Int in pas type ERROR */ + FT_UShort p1, p2; /* was FT_Int in pas type ERROR */ + FT_Int aOpc = CUR.opcode; p1 = (FT_UShort)args[1]; @@ -5194,9 +5214,20 @@ A = v1->x - v2->x; B = v1->y - v2->y; + + /* If v1 == v2, SDPVTL behaves the same as */ + /* SVTCA[X], respectively. */ + /* */ + /* Confirmed by Greg Hitchcock. */ + + if ( A == 0 && B == 0 ) + { + A = 0x4000; + aOpc = 0; + } } - if ( ( CUR.opcode & 1 ) != 0 ) + if ( ( aOpc & 1 ) != 0 ) { C = B; /* counter clockwise rotation */ B = A; @@ -5214,7 +5245,7 @@ B = v1->y - v2->y; } - if ( ( CUR.opcode & 1 ) != 0 ) + if ( ( aOpc & 1 ) != 0 ) { C = B; /* counter clockwise rotation */ B = A; @@ -5465,8 +5496,9 @@ if ( CUR.top < CUR.GS.loop ) { - CUR.error = TT_Err_Too_Few_Arguments; - return; + if ( CUR.pedantic_hinting ) + CUR.error = TT_Err_Too_Few_Arguments; + goto Fail; } while ( CUR.GS.loop > 0 ) @@ -5489,6 +5521,7 @@ CUR.GS.loop--; } + Fail: CUR.GS.loop = 1; CUR.new_top = CUR.args; } @@ -5676,8 +5709,9 @@ if ( CUR.top < CUR.GS.loop ) { - CUR.error = TT_Err_Invalid_Reference; - return; + if ( CUR.pedantic_hinting ) + CUR.error = TT_Err_Invalid_Reference; + goto Fail; } if ( COMPUTE_Point_Displacement( &dx, &dy, &zp, &refp ) ) @@ -5697,12 +5731,12 @@ } } else - /* XXX: UNDOCUMENTED! SHP touches the points */ MOVE_Zp2_Point( point, dx, dy, TRUE ); CUR.GS.loop--; } + Fail: CUR.GS.loop = 1; CUR.new_top = CUR.args; } @@ -5757,7 +5791,6 @@ last_point = 0; } - /* XXX: UNDOCUMENTED! SHC touches the points */ for ( i = first_point; i <= last_point; i++ ) { if ( zp.cur != CUR.zp2.cur || refp != i ) @@ -5837,8 +5870,9 @@ if ( CUR.top < CUR.GS.loop + 1 ) { - CUR.error = TT_Err_Invalid_Reference; - return; + if ( CUR.pedantic_hinting ) + CUR.error = TT_Err_Invalid_Reference; + goto Fail; } #ifdef TT_CONFIG_OPTION_UNPATENTED_HINTING @@ -5882,6 +5916,7 @@ CUR.GS.loop--; } + Fail: CUR.GS.loop = 1; CUR.new_top = CUR.args; } @@ -5910,9 +5945,9 @@ return; } - /* XXX: UNDOCUMENTED! behaviour */ - if ( CUR.GS.gep1 == 0 ) /* if the point that is to be moved */ - /* is in twilight zone */ + /* UNDOCUMENTED! The MS rasterizer does that with */ + /* twilight points (confirmed by Greg Hitchcock) */ + if ( CUR.GS.gep1 == 0 ) { CUR.zp1.org[point] = CUR.zp0.org[CUR.GS.rp0]; CUR_Func_move_orig( &CUR.zp1, point, args[1] ); @@ -5955,8 +5990,6 @@ return; } - /* XXX: Is there some undocumented feature while in the */ - /* twilight zone? ? */ if ( ( CUR.opcode & 1 ) != 0 ) { cur_dist = CUR_fast_project( &CUR.zp0.cur[point] ); @@ -5996,37 +6029,37 @@ { if ( CUR.pedantic_hinting ) CUR.error = TT_Err_Invalid_Reference; - return; + goto Fail; } - /* XXX: UNDOCUMENTED! */ - /* */ - /* The behaviour of an MIAP instruction is quite */ - /* different when used in the twilight zone. */ - /* */ - /* First, no control value cut-in test is performed */ - /* as it would fail anyway. Second, the original */ - /* point, i.e. (org_x,org_y) of zp0.point, is set */ - /* to the absolute, unrounded distance found in */ - /* the CVT. */ - /* */ - /* This is used in the CVT programs of the Microsoft */ - /* fonts Arial, Times, etc., in order to re-adjust */ - /* some key font heights. It allows the use of the */ - /* IP instruction in the twilight zone, which */ - /* otherwise would be `illegal' according to the */ - /* specification. */ - /* */ - /* We implement it with a special sequence for the */ - /* twilight zone. This is a bad hack, but it seems */ - /* to work. */ + /* UNDOCUMENTED! */ + /* */ + /* The behaviour of an MIAP instruction is quite different when used */ + /* in the twilight zone. */ + /* */ + /* First, no control value cut-in test is performed as it would fail */ + /* anyway. Second, the original point, i.e. (org_x,org_y) of */ + /* zp0.point, is set to the absolute, unrounded distance found in the */ + /* CVT. */ + /* */ + /* This is used in the CVT programs of the Microsoft fonts Arial, */ + /* Times, etc., in order to re-adjust some key font heights. It */ + /* allows the use of the IP instruction in the twilight zone, which */ + /* otherwise would be invalid according to the specification. */ + /* */ + /* We implement it with a special sequence for the twilight zone. */ + /* This is a bad hack, but it seems to work. */ + /* */ + /* Confirmed by Greg Hitchcock. */ distance = CUR_Func_read_cvt( cvtEntry ); if ( CUR.GS.gep0 == 0 ) /* If in twilight zone */ { - CUR.zp0.org[point].x = TT_MulFix14( (FT_UInt32)distance, CUR.GS.freeVector.x ); - CUR.zp0.org[point].y = TT_MulFix14( (FT_UInt32)distance, CUR.GS.freeVector.y ), + CUR.zp0.org[point].x = TT_MulFix14( (FT_UInt32)distance, + CUR.GS.freeVector.x ); + CUR.zp0.org[point].y = TT_MulFix14( (FT_UInt32)distance, + CUR.GS.freeVector.y ), CUR.zp0.cur[point] = CUR.zp0.org[point]; } @@ -6042,6 +6075,7 @@ CUR_Func_move( &CUR.zp0, point, distance - org_dist ); + Fail: CUR.GS.rp0 = point; CUR.GS.rp1 = point; } @@ -6067,7 +6101,7 @@ { if ( CUR.pedantic_hinting ) CUR.error = TT_Err_Invalid_Reference; - return; + goto Fail; } /* XXX: Is there some undocumented feature while in the */ @@ -6152,6 +6186,7 @@ CUR_Func_move( &CUR.zp1, point, distance - org_dist ); + Fail: CUR.GS.rp1 = CUR.GS.rp0; CUR.GS.rp2 = point; @@ -6189,7 +6224,7 @@ { if ( CUR.pedantic_hinting ) CUR.error = TT_Err_Invalid_Reference; - return; + goto Fail; } if ( !cvtEntry ) @@ -6208,19 +6243,17 @@ cvt_dist = -CUR.GS.single_width_value; } - /* XXX: UNDOCUMENTED! -- twilight zone */ - + /* UNDOCUMENTED! The MS rasterizer does that with */ + /* twilight points (confirmed by Greg Hitchcock) */ if ( CUR.GS.gep1 == 0 ) { CUR.zp1.org[point].x = CUR.zp0.org[CUR.GS.rp0].x + TT_MulFix14( (FT_UInt32)cvt_dist, CUR.GS.freeVector.x ); - CUR.zp1.org[point].y = CUR.zp0.org[CUR.GS.rp0].y + TT_MulFix14( (FT_UInt32)cvt_dist, CUR.GS.freeVector.y ); - - CUR.zp1.cur[point] = CUR.zp0.cur[point]; + CUR.zp1.cur[point] = CUR.zp0.cur[point]; } org_dist = CUR_Func_dualproj( &CUR.zp1.org[point], @@ -6244,8 +6277,22 @@ /* refer to the same zone. */ if ( CUR.GS.gep0 == CUR.GS.gep1 ) - if ( FT_ABS( cvt_dist - org_dist ) >= CUR.GS.control_value_cutin ) + { + /* XXX: According to Greg Hitchcock, the following wording is */ + /* the right one: */ + /* */ + /* When the absolute difference between the value in */ + /* the table [CVT] and the measurement directly from */ + /* the outline is _greater_ than the cut_in value, the */ + /* outline measurement is used. */ + /* */ + /* This is from `instgly.doc'. The description in */ + /* `ttinst2.doc', version 1.66, is thus incorrect since */ + /* it implies `>=' instead of `>'. */ + + if ( FT_ABS( cvt_dist - org_dist ) > CUR.GS.control_value_cutin ) cvt_dist = org_dist; + } distance = CUR_Func_round( cvt_dist, @@ -6274,12 +6321,12 @@ CUR_Func_move( &CUR.zp1, point, distance - cur_dist ); + Fail: CUR.GS.rp1 = CUR.GS.rp0; if ( ( CUR.opcode & 16 ) != 0 ) CUR.GS.rp0 = point; - /* XXX: UNDOCUMENTED! */ CUR.GS.rp2 = point; } @@ -6304,7 +6351,7 @@ { if ( CUR.pedantic_hinting ) CUR.error = TT_Err_Invalid_Reference; - return; + goto Fail; } while ( CUR.GS.loop > 0 ) @@ -6332,6 +6379,7 @@ CUR.GS.loop--; } + Fail: CUR.GS.loop = 1; CUR.new_top = CUR.args; } @@ -6473,8 +6521,9 @@ if ( CUR.top < CUR.GS.loop ) { - CUR.error = TT_Err_Invalid_Reference; - return; + if ( CUR.pedantic_hinting ) + CUR.error = TT_Err_Invalid_Reference; + goto Fail; } /* @@ -6488,7 +6537,7 @@ { if ( CUR.pedantic_hinting ) CUR.error = TT_Err_Invalid_Reference; - return; + goto Fail; } if ( twilight ) @@ -6553,6 +6602,8 @@ CUR_Func_move( &CUR.zp2, (FT_UShort)point, new_dist - cur_dist ); } + + Fail: CUR.GS.loop = 1; CUR.new_top = CUR.args; } @@ -6845,8 +6896,9 @@ if ( CUR.args < n ) { - CUR.error = TT_Err_Too_Few_Arguments; - return; + if ( CUR.pedantic_hinting ) + CUR.error = TT_Err_Too_Few_Arguments; + n = CUR.args; } CUR.args -= n; @@ -6862,8 +6914,10 @@ { if ( CUR.args < 2 ) { - CUR.error = TT_Err_Too_Few_Arguments; - return; + if ( CUR.pedantic_hinting ) + CUR.error = TT_Err_Too_Few_Arguments; + CUR.args = 0; + goto Fail; } CUR.args -= 2; @@ -6912,6 +6966,7 @@ CUR.error = TT_Err_Invalid_Reference; } + Fail: CUR.new_top = CUR.args; } @@ -6939,8 +6994,9 @@ if ( CUR.args < n ) { - CUR.error = TT_Err_Too_Few_Arguments; - return; + if ( CUR.pedantic_hinting ) + CUR.error = TT_Err_Too_Few_Arguments; + n = CUR.args; } CUR.args -= n; @@ -6955,8 +7011,10 @@ { if ( CUR.args < 2 ) { - CUR.error = TT_Err_Too_Few_Arguments; - return; + if ( CUR.pedantic_hinting ) + CUR.error = TT_Err_Too_Few_Arguments; + CUR.args = 0; + goto Fail; } CUR.args -= 2; @@ -7004,6 +7062,7 @@ } } + Fail: CUR.new_top = CUR.args; } @@ -7465,8 +7524,19 @@ /* One can also interpret it as the index of the last argument. */ if ( CUR.args < 0 ) { - CUR.error = TT_Err_Too_Few_Arguments; - goto LErrorLabel_; + FT_UShort i; + + + if ( CUR.pedantic_hinting ) + { + CUR.error = TT_Err_Too_Few_Arguments; + goto LErrorLabel_; + } + + /* push zeroes onto the stack */ + for ( i = 0; i < Pop_Push_Count[CUR.opcode] >> 4; i++ ) + CUR.stack[i] = 0; + CUR.args = 0; } CUR.new_top = CUR.args + ( Pop_Push_Count[CUR.opcode] & 15 ); @@ -7503,7 +7573,7 @@ case 0x04: /* SFvTCA y */ case 0x05: /* SFvTCA x */ { - FT_Short AA, BB; + FT_Short AA, BB; AA = (FT_Short)( ( opcode & 1 ) << 14 ); -- cgit v1.2.3