1 /***************************************************************************/
2 /* */
3 /* cffdecode.c */
4 /* */
5 /* PostScript CFF (Type 2) decoding routines (body). */
6 /* */
7 /* Copyright 2017-2018 by */
8 /* David Turner, Robert Wilhelm, and Werner Lemberg. */
9 /* */
10 /* This file is part of the FreeType project, and may only be used, */
11 /* modified, and distributed under the terms of the FreeType project */
12 /* license, LICENSE.TXT. By continuing to use, modify, or distribute */
13 /* this file you indicate that you have read the license and */
14 /* understand and accept it fully. */
15 /* */
16 /***************************************************************************/
17
18
19 #include <ft2build.h>
20 #include FT_FREETYPE_H
21 #include FT_INTERNAL_DEBUG_H
22 #include FT_INTERNAL_SERVICE_H
23 #include FT_SERVICE_CFF_TABLE_LOAD_H
24
25 #include "cffdecode.h"
26 #include "psobjs.h"
27
28 #include "psauxerr.h"
29
30
31 /*************************************************************************/
32 /* */
33 /* The macro FT_COMPONENT is used in trace mode. It is an implicit */
34 /* parameter of the FT_TRACE() and FT_ERROR() macros, used to print/log */
35 /* messages during execution. */
36 /* */
37 #undef FT_COMPONENT
38 #define FT_COMPONENT trace_cffdecode
39
40
41 #ifdef CFF_CONFIG_OPTION_OLD_ENGINE
42
43 typedef enum CFF_Operator_
44 {
45 cff_op_unknown = 0,
46
47 cff_op_rmoveto,
48 cff_op_hmoveto,
49 cff_op_vmoveto,
50
51 cff_op_rlineto,
52 cff_op_hlineto,
53 cff_op_vlineto,
54
55 cff_op_rrcurveto,
56 cff_op_hhcurveto,
57 cff_op_hvcurveto,
58 cff_op_rcurveline,
59 cff_op_rlinecurve,
60 cff_op_vhcurveto,
61 cff_op_vvcurveto,
62
63 cff_op_flex,
64 cff_op_hflex,
65 cff_op_hflex1,
66 cff_op_flex1,
67
68 cff_op_endchar,
69
70 cff_op_hstem,
71 cff_op_vstem,
72 cff_op_hstemhm,
73 cff_op_vstemhm,
74
75 cff_op_hintmask,
76 cff_op_cntrmask,
77 cff_op_dotsection, /* deprecated, acts as no-op */
78
79 cff_op_abs,
80 cff_op_add,
81 cff_op_sub,
82 cff_op_div,
83 cff_op_neg,
84 cff_op_random,
85 cff_op_mul,
86 cff_op_sqrt,
87
88 cff_op_blend,
89
90 cff_op_drop,
91 cff_op_exch,
92 cff_op_index,
93 cff_op_roll,
94 cff_op_dup,
95
96 cff_op_put,
97 cff_op_get,
98 cff_op_store,
99 cff_op_load,
100
101 cff_op_and,
102 cff_op_or,
103 cff_op_not,
104 cff_op_eq,
105 cff_op_ifelse,
106
107 cff_op_callsubr,
108 cff_op_callgsubr,
109 cff_op_return,
110
111 /* Type 1 opcodes: invalid but seen in real life */
112 cff_op_hsbw,
113 cff_op_closepath,
114 cff_op_callothersubr,
115 cff_op_pop,
116 cff_op_seac,
117 cff_op_sbw,
118 cff_op_setcurrentpoint,
119
120 /* do not remove */
121 cff_op_max
122
123 } CFF_Operator;
124
125
126 #define CFF_COUNT_CHECK_WIDTH 0x80
127 #define CFF_COUNT_EXACT 0x40
128 #define CFF_COUNT_CLEAR_STACK 0x20
129
130 /* count values which have the `CFF_COUNT_CHECK_WIDTH' flag set are */
131 /* used for checking the width and requested numbers of arguments */
132 /* only; they are set to zero afterwards */
133
134 /* the other two flags are informative only and unused currently */
135
136 static const FT_Byte cff_argument_counts[] =
137 {
138 0, /* unknown */
139
140 2 | CFF_COUNT_CHECK_WIDTH | CFF_COUNT_EXACT, /* rmoveto */
141 1 | CFF_COUNT_CHECK_WIDTH | CFF_COUNT_EXACT,
142 1 | CFF_COUNT_CHECK_WIDTH | CFF_COUNT_EXACT,
143
144 0 | CFF_COUNT_CLEAR_STACK, /* rlineto */
145 0 | CFF_COUNT_CLEAR_STACK,
146 0 | CFF_COUNT_CLEAR_STACK,
147
148 0 | CFF_COUNT_CLEAR_STACK, /* rrcurveto */
149 0 | CFF_COUNT_CLEAR_STACK,
150 0 | CFF_COUNT_CLEAR_STACK,
151 0 | CFF_COUNT_CLEAR_STACK,
152 0 | CFF_COUNT_CLEAR_STACK,
153 0 | CFF_COUNT_CLEAR_STACK,
154 0 | CFF_COUNT_CLEAR_STACK,
155
156 13, /* flex */
157 7,
158 9,
159 11,
160
161 0 | CFF_COUNT_CHECK_WIDTH, /* endchar */
162
163 2 | CFF_COUNT_CHECK_WIDTH, /* hstem */
164 2 | CFF_COUNT_CHECK_WIDTH,
165 2 | CFF_COUNT_CHECK_WIDTH,
166 2 | CFF_COUNT_CHECK_WIDTH,
167
168 0 | CFF_COUNT_CHECK_WIDTH, /* hintmask */
169 0 | CFF_COUNT_CHECK_WIDTH, /* cntrmask */
170 0, /* dotsection */
171
172 1, /* abs */
173 2,
174 2,
175 2,
176 1,
177 0,
178 2,
179 1,
180
181 1, /* blend */
182
183 1, /* drop */
184 2,
185 1,
186 2,
187 1,
188
189 2, /* put */
190 1,
191 4,
192 3,
193
194 2, /* and */
195 2,
196 1,
197 2,
198 4,
199
200 1, /* callsubr */
201 1,
202 0,
203
204 2, /* hsbw */
205 0,
206 0,
207 0,
208 5, /* seac */
209 4, /* sbw */
210 2 /* setcurrentpoint */
211 };
212
213
214 static FT_Error
215 cff_operator_seac( CFF_Decoder* decoder,
216 FT_Pos asb,
217 FT_Pos adx,
218 FT_Pos ady,
219 FT_Int bchar,
220 FT_Int achar )
221 {
222 FT_Error error;
223 CFF_Builder* builder = &decoder->builder;
224 FT_Int bchar_index, achar_index;
225 TT_Face face = decoder->builder.face;
226 FT_Vector left_bearing, advance;
227 FT_Byte* charstring;
228 FT_ULong charstring_len;
229 FT_Pos glyph_width;
230
231
232 if ( decoder->seac )
233 {
234 FT_ERROR(( "cff_operator_seac: invalid nested seac\n" ));
235 return FT_THROW( Syntax_Error );
236 }
237
238 adx += decoder->builder.left_bearing.x;
239 ady += decoder->builder.left_bearing.y;
240
241 #ifdef FT_CONFIG_OPTION_INCREMENTAL
242 /* Incremental fonts don't necessarily have valid charsets. */
243 /* They use the character code, not the glyph index, in this case. */
244 if ( face->root.internal->incremental_interface )
245 {
246 bchar_index = bchar;
247 achar_index = achar;
248 }
249 else
250 #endif /* FT_CONFIG_OPTION_INCREMENTAL */
251 {
252 CFF_Font cff = (CFF_Font)(face->extra.data);
253
254
255 bchar_index = cff_lookup_glyph_by_stdcharcode( cff, bchar );
256 achar_index = cff_lookup_glyph_by_stdcharcode( cff, achar );
257 }
258
259 if ( bchar_index < 0 || achar_index < 0 )
260 {
261 FT_ERROR(( "cff_operator_seac:"
262 " invalid seac character code arguments\n" ));
263 return FT_THROW( Syntax_Error );
264 }
265
266 /* If we are trying to load a composite glyph, do not load the */
267 /* accent character and return the array of subglyphs. */
268 if ( builder->no_recurse )
269 {
270 FT_GlyphSlot glyph = (FT_GlyphSlot)builder->glyph;
271 FT_GlyphLoader loader = glyph->internal->loader;
272 FT_SubGlyph subg;
273
274
275 /* reallocate subglyph array if necessary */
276 error = FT_GlyphLoader_CheckSubGlyphs( loader, 2 );
277 if ( error )
278 goto Exit;
279
280 subg = loader->current.subglyphs;
281
282 /* subglyph 0 = base character */
283 subg->index = bchar_index;
284 subg->flags = FT_SUBGLYPH_FLAG_ARGS_ARE_XY_VALUES |
285 FT_SUBGLYPH_FLAG_USE_MY_METRICS;
286 subg->arg1 = 0;
287 subg->arg2 = 0;
288 subg++;
289
290 /* subglyph 1 = accent character */
291 subg->index = achar_index;
292 subg->flags = FT_SUBGLYPH_FLAG_ARGS_ARE_XY_VALUES;
293 subg->arg1 = (FT_Int)( adx >> 16 );
294 subg->arg2 = (FT_Int)( ady >> 16 );
295
296 /* set up remaining glyph fields */
297 glyph->num_subglyphs = 2;
298 glyph->subglyphs = loader->base.subglyphs;
299 glyph->format = FT_GLYPH_FORMAT_COMPOSITE;
300
301 loader->current.num_subglyphs = 2;
302 }
303
304 FT_GlyphLoader_Prepare( builder->loader );
305
306 /* First load `bchar' in builder */
307 error = decoder->get_glyph_callback( face, (FT_UInt)bchar_index,
308 &charstring, &charstring_len );
309 if ( !error )
310 {
311 /* the seac operator must not be nested */
312 decoder->seac = TRUE;
313 error = cff_decoder_parse_charstrings( decoder, charstring,
314 charstring_len, 0 );
315 decoder->seac = FALSE;
316
317 decoder->free_glyph_callback( face, &charstring, charstring_len );
318
319 if ( error )
320 goto Exit;
321 }
322
323 /* Save the left bearing, advance and glyph width of the base */
324 /* character as they will be erased by the next load. */
325
326 left_bearing = builder->left_bearing;
327 advance = builder->advance;
328 glyph_width = decoder->glyph_width;
329
330 builder->left_bearing.x = 0;
331 builder->left_bearing.y = 0;
332
333 builder->pos_x = adx - asb;
334 builder->pos_y = ady;
335
336 /* Now load `achar' on top of the base outline. */
337 error = decoder->get_glyph_callback( face, (FT_UInt)achar_index,
338 &charstring, &charstring_len );
339 if ( !error )
340 {
341 /* the seac operator must not be nested */
342 decoder->seac = TRUE;
343 error = cff_decoder_parse_charstrings( decoder, charstring,
344 charstring_len, 0 );
345 decoder->seac = FALSE;
346
347 decoder->free_glyph_callback( face, &charstring, charstring_len );
348
349 if ( error )
350 goto Exit;
351 }
352
353 /* Restore the left side bearing, advance and glyph width */
354 /* of the base character. */
355 builder->left_bearing = left_bearing;
356 builder->advance = advance;
357 decoder->glyph_width = glyph_width;
358
359 builder->pos_x = 0;
360 builder->pos_y = 0;
361
362 Exit:
363 return error;
364 }
365
366 #endif /* CFF_CONFIG_OPTION_OLD_ENGINE */
367
368
369 /*************************************************************************/
370 /*************************************************************************/
371 /*************************************************************************/
372 /********** *********/
373 /********** *********/
374 /********** GENERIC CHARSTRING PARSING *********/
375 /********** *********/
376 /********** *********/
377 /*************************************************************************/
378 /*************************************************************************/
379 /*************************************************************************/
380
381 /*************************************************************************/
382 /* */
383 /* <Function> */
384 /* cff_compute_bias */
385 /* */
386 /* <Description> */
387 /* Computes the bias value in dependence of the number of glyph */
388 /* subroutines. */
389 /* */
390 /* <Input> */
391 /* in_charstring_type :: The `CharstringType' value of the top DICT */
392 /* dictionary. */
393 /* */
394 /* num_subrs :: The number of glyph subroutines. */
395 /* */
396 /* <Return> */
397 /* The bias value. */
398 static FT_Int
399 cff_compute_bias( FT_Int in_charstring_type,
400 FT_UInt num_subrs )
401 {
402 FT_Int result;
403
404
405 if ( in_charstring_type == 1 )
406 result = 0;
407 else if ( num_subrs < 1240 )
408 result = 107;
409 else if ( num_subrs < 33900U )
410 result = 1131;
411 else
412 result = 32768U;
413
414 return result;
415 }
416
417
418 FT_LOCAL_DEF( FT_Int )
419 cff_lookup_glyph_by_stdcharcode( CFF_Font cff,
420 FT_Int charcode )
421 {
422 FT_UInt n;
423 FT_UShort glyph_sid;
424
425 FT_Service_CFFLoad cffload;
426
427
428 /* CID-keyed fonts don't have glyph names */
429 if ( !cff->charset.sids )
430 return -1;
431
432 /* check range of standard char code */
433 if ( charcode < 0 || charcode > 255 )
434 return -1;
435
436 #if 0
437 /* retrieve cffload from list of current modules */
438 FT_Service_CFFLoad cffload;
439
440
441 FT_FACE_FIND_GLOBAL_SERVICE( face, cffload, CFF_LOAD );
442 if ( !cffload )
443 {
444 FT_ERROR(( "cff_lookup_glyph_by_stdcharcode:"
445 " the `cffload' module is not available\n" ));
446 return FT_THROW( Unimplemented_Feature );
447 }
448 #endif
449
450 cffload = (FT_Service_CFFLoad)cff->cffload;
451
452 /* Get code to SID mapping from `cff_standard_encoding'. */
453 glyph_sid = cffload->get_standard_encoding( (FT_UInt)charcode );
454
455 for ( n = 0; n < cff->num_glyphs; n++ )
456 {
457 if ( cff->charset.sids[n] == glyph_sid )
458 return (FT_Int)n;
459 }
460
461 return -1;
462 }
463
464
465 #ifdef CFF_CONFIG_OPTION_OLD_ENGINE
466
467 /*************************************************************************/
468 /* */
469 /* <Function> */
470 /* cff_decoder_parse_charstrings */
471 /* */
472 /* <Description> */
473 /* Parses a given Type 2 charstrings program. */
474 /* */
475 /* <InOut> */
476 /* decoder :: The current Type 1 decoder. */
477 /* */
478 /* <Input> */
479 /* charstring_base :: The base of the charstring stream. */
480 /* */
481 /* charstring_len :: The length in bytes of the charstring stream. */
482 /* */
483 /* in_dict :: Set to 1 if function is called from top or */
484 /* private DICT (needed for Multiple Master CFFs). */
485 /* */
486 /* <Return> */
487 /* FreeType error code. 0 means success. */
488 /* */
489 FT_LOCAL_DEF( FT_Error )
490 cff_decoder_parse_charstrings( CFF_Decoder* decoder,
491 FT_Byte* charstring_base,
492 FT_ULong charstring_len,
493 FT_Bool in_dict )
494 {
495 FT_Error error;
496 CFF_Decoder_Zone* zone;
497 FT_Byte* ip;
498 FT_Byte* limit;
499 CFF_Builder* builder = &decoder->builder;
500 FT_Pos x, y;
501 FT_Fixed* stack;
502 FT_Int charstring_type =
503 decoder->cff->top_font.font_dict.charstring_type;
504 FT_UShort num_designs =
505 decoder->cff->top_font.font_dict.num_designs;
506 FT_UShort num_axes =
507 decoder->cff->top_font.font_dict.num_axes;
508
509 T2_Hints_Funcs hinter;
510
511
512 /* set default width */
513 decoder->num_hints = 0;
514 decoder->read_width = 1;
515
516 /* initialize the decoder */
517 decoder->top = decoder->stack;
518 decoder->zone = decoder->zones;
519 zone = decoder->zones;
520 stack = decoder->top;
521
522 hinter = (T2_Hints_Funcs)builder->hints_funcs;
523
524 builder->path_begun = 0;
525
526 zone->base = charstring_base;
527 limit = zone->limit = charstring_base + charstring_len;
528 ip = zone->cursor = zone->base;
529
530 error = FT_Err_Ok;
531
532 x = builder->pos_x;
533 y = builder->pos_y;
534
535 /* begin hints recording session, if any */
536 if ( hinter )
537 hinter->open( hinter->hints );
538
539 /* now execute loop */
540 while ( ip < limit )
541 {
542 CFF_Operator op;
543 FT_Byte v;
544
545
546 /********************************************************************/
547 /* */
548 /* Decode operator or operand */
549 /* */
550 v = *ip++;
551 if ( v >= 32 || v == 28 )
552 {
553 FT_Int shift = 16;
554 FT_Int32 val;
555
556
557 /* this is an operand, push it on the stack */
558
559 /* if we use shifts, all computations are done with unsigned */
560 /* values; the conversion to a signed value is the last step */
561 if ( v == 28 )
562 {
563 if ( ip + 1 >= limit )
564 goto Syntax_Error;
565 val = (FT_Short)( ( (FT_UShort)ip[0] << 8 ) | ip[1] );
566 ip += 2;
567 }
568 else if ( v < 247 )
569 val = (FT_Int32)v - 139;
570 else if ( v < 251 )
571 {
572 if ( ip >= limit )
573 goto Syntax_Error;
574 val = ( (FT_Int32)v - 247 ) * 256 + *ip++ + 108;
575 }
576 else if ( v < 255 )
577 {
578 if ( ip >= limit )
579 goto Syntax_Error;
580 val = -( (FT_Int32)v - 251 ) * 256 - *ip++ - 108;
581 }
582 else
583 {
584 if ( ip + 3 >= limit )
585 goto Syntax_Error;
586 val = (FT_Int32)( ( (FT_UInt32)ip[0] << 24 ) |
587 ( (FT_UInt32)ip[1] << 16 ) |
588 ( (FT_UInt32)ip[2] << 8 ) |
589 (FT_UInt32)ip[3] );
590 ip += 4;
591 if ( charstring_type == 2 )
592 shift = 0;
593 }
594 if ( decoder->top - stack >= CFF_MAX_OPERANDS )
595 goto Stack_Overflow;
596
597 val = (FT_Int32)( (FT_UInt32)val << shift );
598 *decoder->top++ = val;
599
600 #ifdef FT_DEBUG_LEVEL_TRACE
601 if ( !( val & 0xFFFFL ) )
602 FT_TRACE4(( " %hd", (FT_Short)( (FT_UInt32)val >> 16 ) ));
603 else
604 FT_TRACE4(( " %.5f", val / 65536.0 ));
605 #endif
606
607 }
608 else
609 {
610 /* The specification says that normally arguments are to be taken */
611 /* from the bottom of the stack. However, this seems not to be */
612 /* correct, at least for Acroread 7.0.8 on GNU/Linux: It pops the */
613 /* arguments similar to a PS interpreter. */
614
615 FT_Fixed* args = decoder->top;
616 FT_Int num_args = (FT_Int)( args - decoder->stack );
617 FT_Int req_args;
618
619
620 /* find operator */
621 op = cff_op_unknown;
622
623 switch ( v )
624 {
625 case 1:
626 op = cff_op_hstem;
627 break;
628 case 3:
629 op = cff_op_vstem;
630 break;
631 case 4:
632 op = cff_op_vmoveto;
633 break;
634 case 5:
635 op = cff_op_rlineto;
636 break;
637 case 6:
638 op = cff_op_hlineto;
639 break;
640 case 7:
641 op = cff_op_vlineto;
642 break;
643 case 8:
644 op = cff_op_rrcurveto;
645 break;
646 case 9:
647 op = cff_op_closepath;
648 break;
649 case 10:
650 op = cff_op_callsubr;
651 break;
652 case 11:
653 op = cff_op_return;
654 break;
655 case 12:
656 if ( ip >= limit )
657 goto Syntax_Error;
658 v = *ip++;
659
660 switch ( v )
661 {
662 case 0:
663 op = cff_op_dotsection;
664 break;
665 case 1: /* this is actually the Type1 vstem3 operator */
666 op = cff_op_vstem;
667 break;
668 case 2: /* this is actually the Type1 hstem3 operator */
669 op = cff_op_hstem;
670 break;
671 case 3:
672 op = cff_op_and;
673 break;
674 case 4:
675 op = cff_op_or;
676 break;
677 case 5:
678 op = cff_op_not;
679 break;
680 case 6:
681 op = cff_op_seac;
682 break;
683 case 7:
684 op = cff_op_sbw;
685 break;
686 case 8:
687 op = cff_op_store;
688 break;
689 case 9:
690 op = cff_op_abs;
691 break;
692 case 10:
693 op = cff_op_add;
694 break;
695 case 11:
696 op = cff_op_sub;
697 break;
698 case 12:
699 op = cff_op_div;
700 break;
701 case 13:
702 op = cff_op_load;
703 break;
704 case 14:
705 op = cff_op_neg;
706 break;
707 case 15:
708 op = cff_op_eq;
709 break;
710 case 16:
711 op = cff_op_callothersubr;
712 break;
713 case 17:
714 op = cff_op_pop;
715 break;
716 case 18:
717 op = cff_op_drop;
718 break;
719 case 20:
720 op = cff_op_put;
721 break;
722 case 21:
723 op = cff_op_get;
724 break;
725 case 22:
726 op = cff_op_ifelse;
727 break;
728 case 23:
729 op = cff_op_random;
730 break;
731 case 24:
732 op = cff_op_mul;
733 break;
734 case 26:
735 op = cff_op_sqrt;
736 break;
737 case 27:
738 op = cff_op_dup;
739 break;
740 case 28:
741 op = cff_op_exch;
742 break;
743 case 29:
744 op = cff_op_index;
745 break;
746 case 30:
747 op = cff_op_roll;
748 break;
749 case 33:
750 op = cff_op_setcurrentpoint;
751 break;
752 case 34:
753 op = cff_op_hflex;
754 break;
755 case 35:
756 op = cff_op_flex;
757 break;
758 case 36:
759 op = cff_op_hflex1;
760 break;
761 case 37:
762 op = cff_op_flex1;
763 break;
764 default:
765 FT_TRACE4(( " unknown op (12, %d)\n", v ));
766 break;
767 }
768 break;
769 case 13:
770 op = cff_op_hsbw;
771 break;
772 case 14:
773 op = cff_op_endchar;
774 break;
775 case 16:
776 op = cff_op_blend;
777 break;
778 case 18:
779 op = cff_op_hstemhm;
780 break;
781 case 19:
782 op = cff_op_hintmask;
783 break;
784 case 20:
785 op = cff_op_cntrmask;
786 break;
787 case 21:
788 op = cff_op_rmoveto;
789 break;
790 case 22:
791 op = cff_op_hmoveto;
792 break;
793 case 23:
794 op = cff_op_vstemhm;
795 break;
796 case 24:
797 op = cff_op_rcurveline;
798 break;
799 case 25:
800 op = cff_op_rlinecurve;
801 break;
802 case 26:
803 op = cff_op_vvcurveto;
804 break;
805 case 27:
806 op = cff_op_hhcurveto;
807 break;
808 case 29:
809 op = cff_op_callgsubr;
810 break;
811 case 30:
812 op = cff_op_vhcurveto;
813 break;
814 case 31:
815 op = cff_op_hvcurveto;
816 break;
817 default:
818 FT_TRACE4(( " unknown op (%d)\n", v ));
819 break;
820 }
821
822 if ( op == cff_op_unknown )
823 continue;
824
825 /* in Multiple Master CFFs, T2 charstrings can appear in */
826 /* dictionaries, but some operators are prohibited */
827 if ( in_dict )
828 {
829 switch ( op )
830 {
831 case cff_op_hstem:
832 case cff_op_vstem:
833 case cff_op_vmoveto:
834 case cff_op_rlineto:
835 case cff_op_hlineto:
836 case cff_op_vlineto:
837 case cff_op_rrcurveto:
838 case cff_op_hstemhm:
839 case cff_op_hintmask:
840 case cff_op_cntrmask:
841 case cff_op_rmoveto:
842 case cff_op_hmoveto:
843 case cff_op_vstemhm:
844 case cff_op_rcurveline:
845 case cff_op_rlinecurve:
846 case cff_op_vvcurveto:
847 case cff_op_hhcurveto:
848 case cff_op_vhcurveto:
849 case cff_op_hvcurveto:
850 case cff_op_hflex:
851 case cff_op_flex:
852 case cff_op_hflex1:
853 case cff_op_flex1:
854 case cff_op_callsubr:
855 case cff_op_callgsubr:
856 goto MM_Error;
857
858 default:
859 break;
860 }
861 }
862
863 /* check arguments */
864 req_args = cff_argument_counts[op];
865 if ( req_args & CFF_COUNT_CHECK_WIDTH )
866 {
867 if ( num_args > 0 && decoder->read_width )
868 {
869 /* If `nominal_width' is non-zero, the number is really a */
870 /* difference against `nominal_width'. Else, the number here */
871 /* is truly a width, not a difference against `nominal_width'. */
872 /* If the font does not set `nominal_width', then */
873 /* `nominal_width' defaults to zero, and so we can set */
874 /* `glyph_width' to `nominal_width' plus number on the stack */
875 /* -- for either case. */
876
877 FT_Int set_width_ok;
878
879
880 switch ( op )
881 {
882 case cff_op_hmoveto:
883 case cff_op_vmoveto:
884 set_width_ok = num_args & 2;
885 break;
886
887 case cff_op_hstem:
888 case cff_op_vstem:
889 case cff_op_hstemhm:
890 case cff_op_vstemhm:
891 case cff_op_rmoveto:
892 case cff_op_hintmask:
893 case cff_op_cntrmask:
894 set_width_ok = num_args & 1;
895 break;
896
897 case cff_op_endchar:
898 /* If there is a width specified for endchar, we either have */
899 /* 1 argument or 5 arguments. We like to argue. */
900 set_width_ok = in_dict
901 ? 0
902 : ( ( num_args == 5 ) || ( num_args == 1 ) );
903 break;
904
905 default:
906 set_width_ok = 0;
907 break;
908 }
909
910 if ( set_width_ok )
911 {
912 decoder->glyph_width = decoder->nominal_width +
913 ( stack[0] >> 16 );
914
915 if ( decoder->width_only )
916 {
917 /* we only want the advance width; stop here */
918 break;
919 }
920
921 /* Consumed an argument. */
922 num_args--;
923 }
924 }
925
926 decoder->read_width = 0;
927 req_args = 0;
928 }
929
930 req_args &= 0x000F;
931 if ( num_args < req_args )
932 goto Stack_Underflow;
933 args -= req_args;
934 num_args -= req_args;
935
936 /* At this point, `args' points to the first argument of the */
937 /* operand in case `req_args' isn't zero. Otherwise, we have */
938 /* to adjust `args' manually. */
939
940 /* Note that we only pop arguments from the stack which we */
941 /* really need and can digest so that we can continue in case */
942 /* of superfluous stack elements. */
943
944 switch ( op )
945 {
946 case cff_op_hstem:
947 case cff_op_vstem:
948 case cff_op_hstemhm:
949 case cff_op_vstemhm:
950 /* the number of arguments is always even here */
951 FT_TRACE4((
952 op == cff_op_hstem ? " hstem\n" :
953 ( op == cff_op_vstem ? " vstem\n" :
954 ( op == cff_op_hstemhm ? " hstemhm\n" : " vstemhm\n" ) ) ));
955
956 if ( hinter )
957 hinter->stems( hinter->hints,
958 ( op == cff_op_hstem || op == cff_op_hstemhm ),
959 num_args / 2,
960 args - ( num_args & ~1 ) );
961
962 decoder->num_hints += num_args / 2;
963 args = stack;
964 break;
965
966 case cff_op_hintmask:
967 case cff_op_cntrmask:
968 FT_TRACE4(( op == cff_op_hintmask ? " hintmask" : " cntrmask" ));
969
970 /* implement vstem when needed -- */
971 /* the specification doesn't say it, but this also works */
972 /* with the 'cntrmask' operator */
973 /* */
974 if ( num_args > 0 )
975 {
976 if ( hinter )
977 hinter->stems( hinter->hints,
978 0,
979 num_args / 2,
980 args - ( num_args & ~1 ) );
981
982 decoder->num_hints += num_args / 2;
983 }
984
985 /* In a valid charstring there must be at least one byte */
986 /* after `hintmask' or `cntrmask' (e.g., for a `return' */
987 /* instruction). Additionally, there must be space for */
988 /* `num_hints' bits. */
989
990 if ( ( ip + ( ( decoder->num_hints + 7 ) >> 3 ) ) >= limit )
991 goto Syntax_Error;
992
993 if ( hinter )
994 {
995 if ( op == cff_op_hintmask )
996 hinter->hintmask( hinter->hints,
997 (FT_UInt)builder->current->n_points,
998 (FT_UInt)decoder->num_hints,
999 ip );
1000 else
1001 hinter->counter( hinter->hints,
1002 (FT_UInt)decoder->num_hints,
1003 ip );
1004 }
1005
1006 #ifdef FT_DEBUG_LEVEL_TRACE
1007 {
1008 FT_UInt maskbyte;
1009
1010
1011 FT_TRACE4(( " (maskbytes:" ));
1012
1013 for ( maskbyte = 0;
1014 maskbyte < (FT_UInt)( ( decoder->num_hints + 7 ) >> 3 );
1015 maskbyte++, ip++ )
1016 FT_TRACE4(( " 0x%02X", *ip ));
1017
1018 FT_TRACE4(( ")\n" ));
1019 }
1020 #else
1021 ip += ( decoder->num_hints + 7 ) >> 3;
1022 #endif
1023 args = stack;
1024 break;
1025
1026 case cff_op_rmoveto:
1027 FT_TRACE4(( " rmoveto\n" ));
1028
1029 cff_builder_close_contour( builder );
1030 builder->path_begun = 0;
1031 x = ADD_LONG( x, args[-2] );
1032 y = ADD_LONG( y, args[-1] );
1033 args = stack;
1034 break;
1035
1036 case cff_op_vmoveto:
1037 FT_TRACE4(( " vmoveto\n" ));
1038
1039 cff_builder_close_contour( builder );
1040 builder->path_begun = 0;
1041 y = ADD_LONG( y, args[-1] );
1042 args = stack;
1043 break;
1044
1045 case cff_op_hmoveto:
1046 FT_TRACE4(( " hmoveto\n" ));
1047
1048 cff_builder_close_contour( builder );
1049 builder->path_begun = 0;
1050 x = ADD_LONG( x, args[-1] );
1051 args = stack;
1052 break;
1053
1054 case cff_op_rlineto:
1055 FT_TRACE4(( " rlineto\n" ));
1056
1057 if ( cff_builder_start_point( builder, x, y ) ||
1058 cff_check_points( builder, num_args / 2 ) )
1059 goto Fail;
1060
1061 if ( num_args < 2 )
1062 goto Stack_Underflow;
1063
1064 args -= num_args & ~1;
1065 while ( args < decoder->top )
1066 {
1067 x = ADD_LONG( x, args[0] );
1068 y = ADD_LONG( y, args[1] );
1069 cff_builder_add_point( builder, x, y, 1 );
1070 args += 2;
1071 }
1072 args = stack;
1073 break;
1074
1075 case cff_op_hlineto:
1076 case cff_op_vlineto:
1077 {
1078 FT_Int phase = ( op == cff_op_hlineto );
1079
1080
1081 FT_TRACE4(( op == cff_op_hlineto ? " hlineto\n"
1082 : " vlineto\n" ));
1083
1084 if ( num_args < 0 )
1085 goto Stack_Underflow;
1086
1087 /* there exist subsetted fonts (found in PDFs) */
1088 /* which call `hlineto' without arguments */
1089 if ( num_args == 0 )
1090 break;
1091
1092 if ( cff_builder_start_point( builder, x, y ) ||
1093 cff_check_points( builder, num_args ) )
1094 goto Fail;
1095
1096 args = stack;
1097 while ( args < decoder->top )
1098 {
1099 if ( phase )
1100 x = ADD_LONG( x, args[0] );
1101 else
1102 y = ADD_LONG( y, args[0] );
1103
1104 if ( cff_builder_add_point1( builder, x, y ) )
1105 goto Fail;
1106
1107 args++;
1108 phase ^= 1;
1109 }
1110 args = stack;
1111 }
1112 break;
1113
1114 case cff_op_rrcurveto:
1115 {
1116 FT_Int nargs;
1117
1118
1119 FT_TRACE4(( " rrcurveto\n" ));
1120
1121 if ( num_args < 6 )
1122 goto Stack_Underflow;
1123
1124 nargs = num_args - num_args % 6;
1125
1126 if ( cff_builder_start_point( builder, x, y ) ||
1127 cff_check_points( builder, nargs / 2 ) )
1128 goto Fail;
1129
1130 args -= nargs;
1131 while ( args < decoder->top )
1132 {
1133 x = ADD_LONG( x, args[0] );
1134 y = ADD_LONG( y, args[1] );
1135 cff_builder_add_point( builder, x, y, 0 );
1136
1137 x = ADD_LONG( x, args[2] );
1138 y = ADD_LONG( y, args[3] );
1139 cff_builder_add_point( builder, x, y, 0 );
1140
1141 x = ADD_LONG( x, args[4] );
1142 y = ADD_LONG( y, args[5] );
1143 cff_builder_add_point( builder, x, y, 1 );
1144
1145 args += 6;
1146 }
1147 args = stack;
1148 }
1149 break;
1150
1151 case cff_op_vvcurveto:
1152 {
1153 FT_Int nargs;
1154
1155
1156 FT_TRACE4(( " vvcurveto\n" ));
1157
1158 if ( num_args < 4 )
1159 goto Stack_Underflow;
1160
1161 /* if num_args isn't of the form 4n or 4n+1, */
1162 /* we enforce it by clearing the second bit */
1163
1164 nargs = num_args & ~2;
1165
1166 if ( cff_builder_start_point( builder, x, y ) )
1167 goto Fail;
1168
1169 args -= nargs;
1170
1171 if ( nargs & 1 )
1172 {
1173 x = ADD_LONG( x, args[0] );
1174 args++;
1175 nargs--;
1176 }
1177
1178 if ( cff_check_points( builder, 3 * ( nargs / 4 ) ) )
1179 goto Fail;
1180
1181 while ( args < decoder->top )
1182 {
1183 y = ADD_LONG( y, args[0] );
1184 cff_builder_add_point( builder, x, y, 0 );
1185
1186 x = ADD_LONG( x, args[1] );
1187 y = ADD_LONG( y, args[2] );
1188 cff_builder_add_point( builder, x, y, 0 );
1189
1190 y = ADD_LONG( y, args[3] );
1191 cff_builder_add_point( builder, x, y, 1 );
1192
1193 args += 4;
1194 }
1195 args = stack;
1196 }
1197 break;
1198
1199 case cff_op_hhcurveto:
1200 {
1201 FT_Int nargs;
1202
1203
1204 FT_TRACE4(( " hhcurveto\n" ));
1205
1206 if ( num_args < 4 )
1207 goto Stack_Underflow;
1208
1209 /* if num_args isn't of the form 4n or 4n+1, */
1210 /* we enforce it by clearing the second bit */
1211
1212 nargs = num_args & ~2;
1213
1214 if ( cff_builder_start_point( builder, x, y ) )
1215 goto Fail;
1216
1217 args -= nargs;
1218 if ( nargs & 1 )
1219 {
1220 y = ADD_LONG( y, args[0] );
1221 args++;
1222 nargs--;
1223 }
1224
1225 if ( cff_check_points( builder, 3 * ( nargs / 4 ) ) )
1226 goto Fail;
1227
1228 while ( args < decoder->top )
1229 {
1230 x = ADD_LONG( x, args[0] );
1231 cff_builder_add_point( builder, x, y, 0 );
1232
1233 x = ADD_LONG( x, args[1] );
1234 y = ADD_LONG( y, args[2] );
1235 cff_builder_add_point( builder, x, y, 0 );
1236
1237 x = ADD_LONG( x, args[3] );
1238 cff_builder_add_point( builder, x, y, 1 );
1239
1240 args += 4;
1241 }
1242 args = stack;
1243 }
1244 break;
1245
1246 case cff_op_vhcurveto:
1247 case cff_op_hvcurveto:
1248 {
1249 FT_Int phase;
1250 FT_Int nargs;
1251
1252
1253 FT_TRACE4(( op == cff_op_vhcurveto ? " vhcurveto\n"
1254 : " hvcurveto\n" ));
1255
1256 if ( cff_builder_start_point( builder, x, y ) )
1257 goto Fail;
1258
1259 if ( num_args < 4 )
1260 goto Stack_Underflow;
1261
1262 /* if num_args isn't of the form 8n, 8n+1, 8n+4, or 8n+5, */
1263 /* we enforce it by clearing the second bit */
1264
1265 nargs = num_args & ~2;
1266
1267 args -= nargs;
1268 if ( cff_check_points( builder, ( nargs / 4 ) * 3 ) )
1269 goto Stack_Underflow;
1270
1271 phase = ( op == cff_op_hvcurveto );
1272
1273 while ( nargs >= 4 )
1274 {
1275 nargs -= 4;
1276 if ( phase )
1277 {
1278 x = ADD_LONG( x, args[0] );
1279 cff_builder_add_point( builder, x, y, 0 );
1280
1281 x = ADD_LONG( x, args[1] );
1282 y = ADD_LONG( y, args[2] );
1283 cff_builder_add_point( builder, x, y, 0 );
1284
1285 y = ADD_LONG( y, args[3] );
1286 if ( nargs == 1 )
1287 x = ADD_LONG( x, args[4] );
1288 cff_builder_add_point( builder, x, y, 1 );
1289 }
1290 else
1291 {
1292 y = ADD_LONG( y, args[0] );
1293 cff_builder_add_point( builder, x, y, 0 );
1294
1295 x = ADD_LONG( x, args[1] );
1296 y = ADD_LONG( y, args[2] );
1297 cff_builder_add_point( builder, x, y, 0 );
1298
1299 x = ADD_LONG( x, args[3] );
1300 if ( nargs == 1 )
1301 y = ADD_LONG( y, args[4] );
1302 cff_builder_add_point( builder, x, y, 1 );
1303 }
1304 args += 4;
1305 phase ^= 1;
1306 }
1307 args = stack;
1308 }
1309 break;
1310
1311 case cff_op_rlinecurve:
1312 {
1313 FT_Int num_lines;
1314 FT_Int nargs;
1315
1316
1317 FT_TRACE4(( " rlinecurve\n" ));
1318
1319 if ( num_args < 8 )
1320 goto Stack_Underflow;
1321
1322 nargs = num_args & ~1;
1323 num_lines = ( nargs - 6 ) / 2;
1324
1325 if ( cff_builder_start_point( builder, x, y ) ||
1326 cff_check_points( builder, num_lines + 3 ) )
1327 goto Fail;
1328
1329 args -= nargs;
1330
1331 /* first, add the line segments */
1332 while ( num_lines > 0 )
1333 {
1334 x = ADD_LONG( x, args[0] );
1335 y = ADD_LONG( y, args[1] );
1336 cff_builder_add_point( builder, x, y, 1 );
1337
1338 args += 2;
1339 num_lines--;
1340 }
1341
1342 /* then the curve */
1343 x = ADD_LONG( x, args[0] );
1344 y = ADD_LONG( y, args[1] );
1345 cff_builder_add_point( builder, x, y, 0 );
1346
1347 x = ADD_LONG( x, args[2] );
1348 y = ADD_LONG( y, args[3] );
1349 cff_builder_add_point( builder, x, y, 0 );
1350
1351 x = ADD_LONG( x, args[4] );
1352 y = ADD_LONG( y, args[5] );
1353 cff_builder_add_point( builder, x, y, 1 );
1354
1355 args = stack;
1356 }
1357 break;
1358
1359 case cff_op_rcurveline:
1360 {
1361 FT_Int num_curves;
1362 FT_Int nargs;
1363
1364
1365 FT_TRACE4(( " rcurveline\n" ));
1366
1367 if ( num_args < 8 )
1368 goto Stack_Underflow;
1369
1370 nargs = num_args - 2;
1371 nargs = nargs - nargs % 6 + 2;
1372 num_curves = ( nargs - 2 ) / 6;
1373
1374 if ( cff_builder_start_point( builder, x, y ) ||
1375 cff_check_points( builder, num_curves * 3 + 2 ) )
1376 goto Fail;
1377
1378 args -= nargs;
1379
1380 /* first, add the curves */
1381 while ( num_curves > 0 )
1382 {
1383 x = ADD_LONG( x, args[0] );
1384 y = ADD_LONG( y, args[1] );
1385 cff_builder_add_point( builder, x, y, 0 );
1386
1387 x = ADD_LONG( x, args[2] );
1388 y = ADD_LONG( y, args[3] );
1389 cff_builder_add_point( builder, x, y, 0 );
1390
1391 x = ADD_LONG( x, args[4] );
1392 y = ADD_LONG( y, args[5] );
1393 cff_builder_add_point( builder, x, y, 1 );
1394
1395 args += 6;
1396 num_curves--;
1397 }
1398
1399 /* then the final line */
1400 x = ADD_LONG( x, args[0] );
1401 y = ADD_LONG( y, args[1] );
1402 cff_builder_add_point( builder, x, y, 1 );
1403
1404 args = stack;
1405 }
1406 break;
1407
1408 case cff_op_hflex1:
1409 {
1410 FT_Pos start_y;
1411
1412
1413 FT_TRACE4(( " hflex1\n" ));
1414
1415 /* adding five more points: 4 control points, 1 on-curve point */
1416 /* -- make sure we have enough space for the start point if it */
1417 /* needs to be added */
1418 if ( cff_builder_start_point( builder, x, y ) ||
1419 cff_check_points( builder, 6 ) )
1420 goto Fail;
1421
1422 /* record the starting point's y position for later use */
1423 start_y = y;
1424
1425 /* first control point */
1426 x = ADD_LONG( x, args[0] );
1427 y = ADD_LONG( y, args[1] );
1428 cff_builder_add_point( builder, x, y, 0 );
1429
1430 /* second control point */
1431 x = ADD_LONG( x, args[2] );
1432 y = ADD_LONG( y, args[3] );
1433 cff_builder_add_point( builder, x, y, 0 );
1434
1435 /* join point; on curve, with y-value the same as the last */
1436 /* control point's y-value */
1437 x = ADD_LONG( x, args[4] );
1438 cff_builder_add_point( builder, x, y, 1 );
1439
1440 /* third control point, with y-value the same as the join */
1441 /* point's y-value */
1442 x = ADD_LONG( x, args[5] );
1443 cff_builder_add_point( builder, x, y, 0 );
1444
1445 /* fourth control point */
1446 x = ADD_LONG( x, args[6] );
1447 y = ADD_LONG( y, args[7] );
1448 cff_builder_add_point( builder, x, y, 0 );
1449
1450 /* ending point, with y-value the same as the start */
1451 x = ADD_LONG( x, args[8] );
1452 y = start_y;
1453 cff_builder_add_point( builder, x, y, 1 );
1454
1455 args = stack;
1456 break;
1457 }
1458
1459 case cff_op_hflex:
1460 {
1461 FT_Pos start_y;
1462
1463
1464 FT_TRACE4(( " hflex\n" ));
1465
1466 /* adding six more points; 4 control points, 2 on-curve points */
1467 if ( cff_builder_start_point( builder, x, y ) ||
1468 cff_check_points( builder, 6 ) )
1469 goto Fail;
1470
1471 /* record the starting point's y-position for later use */
1472 start_y = y;
1473
1474 /* first control point */
1475 x = ADD_LONG( x, args[0] );
1476 cff_builder_add_point( builder, x, y, 0 );
1477
1478 /* second control point */
1479 x = ADD_LONG( x, args[1] );
1480 y = ADD_LONG( y, args[2] );
1481 cff_builder_add_point( builder, x, y, 0 );
1482
1483 /* join point; on curve, with y-value the same as the last */
1484 /* control point's y-value */
1485 x = ADD_LONG( x, args[3] );
1486 cff_builder_add_point( builder, x, y, 1 );
1487
1488 /* third control point, with y-value the same as the join */
1489 /* point's y-value */
1490 x = ADD_LONG( x, args[4] );
1491 cff_builder_add_point( builder, x, y, 0 );
1492
1493 /* fourth control point */
1494 x = ADD_LONG( x, args[5] );
1495 y = start_y;
1496 cff_builder_add_point( builder, x, y, 0 );
1497
1498 /* ending point, with y-value the same as the start point's */
1499 /* y-value -- we don't add this point, though */
1500 x = ADD_LONG( x, args[6] );
1501 cff_builder_add_point( builder, x, y, 1 );
1502
1503 args = stack;
1504 break;
1505 }
1506
1507 case cff_op_flex1:
1508 {
1509 FT_Pos start_x, start_y; /* record start x, y values for */
1510 /* alter use */
1511 FT_Fixed dx = 0, dy = 0; /* used in horizontal/vertical */
1512 /* algorithm below */
1513 FT_Int horizontal, count;
1514 FT_Fixed* temp;
1515
1516
1517 FT_TRACE4(( " flex1\n" ));
1518
1519 /* adding six more points; 4 control points, 2 on-curve points */
1520 if ( cff_builder_start_point( builder, x, y ) ||
1521 cff_check_points( builder, 6 ) )
1522 goto Fail;
1523
1524 /* record the starting point's x, y position for later use */
1525 start_x = x;
1526 start_y = y;
1527
1528 /* XXX: figure out whether this is supposed to be a horizontal */
1529 /* or vertical flex; the Type 2 specification is vague... */
1530
1531 temp = args;
1532
1533 /* grab up to the last argument */
1534 for ( count = 5; count > 0; count-- )
1535 {
1536 dx = ADD_LONG( dx, temp[0] );
1537 dy = ADD_LONG( dy, temp[1] );
1538 temp += 2;
1539 }
1540
1541 if ( dx < 0 )
1542 dx = -dx;
1543 if ( dy < 0 )
1544 dy = -dy;
1545
1546 /* strange test, but here it is... */
1547 horizontal = ( dx > dy );
1548
1549 for ( count = 5; count > 0; count-- )
1550 {
1551 x = ADD_LONG( x, args[0] );
1552 y = ADD_LONG( y, args[1] );
1553 cff_builder_add_point( builder, x, y,
1554 (FT_Bool)( count == 3 ) );
1555 args += 2;
1556 }
1557
1558 /* is last operand an x- or y-delta? */
1559 if ( horizontal )
1560 {
1561 x = ADD_LONG( x, args[0] );
1562 y = start_y;
1563 }
1564 else
1565 {
1566 x = start_x;
1567 y = ADD_LONG( y, args[0] );
1568 }
1569
1570 cff_builder_add_point( builder, x, y, 1 );
1571
1572 args = stack;
1573 break;
1574 }
1575
1576 case cff_op_flex:
1577 {
1578 FT_UInt count;
1579
1580
1581 FT_TRACE4(( " flex\n" ));
1582
1583 if ( cff_builder_start_point( builder, x, y ) ||
1584 cff_check_points( builder, 6 ) )
1585 goto Fail;
1586
1587 for ( count = 6; count > 0; count-- )
1588 {
1589 x = ADD_LONG( x, args[0] );
1590 y = ADD_LONG( y, args[1] );
1591 cff_builder_add_point( builder, x, y,
1592 (FT_Bool)( count == 4 || count == 1 ) );
1593 args += 2;
1594 }
1595
1596 args = stack;
1597 }
1598 break;
1599
1600 case cff_op_seac:
1601 FT_TRACE4(( " seac\n" ));
1602
1603 error = cff_operator_seac( decoder,
1604 args[0], args[1], args[2],
1605 (FT_Int)( args[3] >> 16 ),
1606 (FT_Int)( args[4] >> 16 ) );
1607
1608 /* add current outline to the glyph slot */
1609 FT_GlyphLoader_Add( builder->loader );
1610
1611 /* return now! */
1612 FT_TRACE4(( "\n" ));
1613 return error;
1614
1615 case cff_op_endchar:
1616 /* in dictionaries, `endchar' simply indicates end of data */
1617 if ( in_dict )
1618 return error;
1619
1620 FT_TRACE4(( " endchar\n" ));
1621
1622 /* We are going to emulate the seac operator. */
1623 if ( num_args >= 4 )
1624 {
1625 /* Save glyph width so that the subglyphs don't overwrite it. */
1626 FT_Pos glyph_width = decoder->glyph_width;
1627
1628
1629 error = cff_operator_seac( decoder,
1630 0L, args[-4], args[-3],
1631 (FT_Int)( args[-2] >> 16 ),
1632 (FT_Int)( args[-1] >> 16 ) );
1633
1634 decoder->glyph_width = glyph_width;
1635 }
1636 else
1637 {
1638 cff_builder_close_contour( builder );
1639
1640 /* close hints recording session */
1641 if ( hinter )
1642 {
1643 if ( hinter->close( hinter->hints,
1644 (FT_UInt)builder->current->n_points ) )
1645 goto Syntax_Error;
1646
1647 /* apply hints to the loaded glyph outline now */
1648 error = hinter->apply( hinter->hints,
1649 builder->current,
1650 (PSH_Globals)builder->hints_globals,
1651 decoder->hint_mode );
1652 if ( error )
1653 goto Fail;
1654 }
1655
1656 /* add current outline to the glyph slot */
1657 FT_GlyphLoader_Add( builder->loader );
1658 }
1659
1660 /* return now! */
1661 FT_TRACE4(( "\n" ));
1662 return error;
1663
1664 case cff_op_abs:
1665 FT_TRACE4(( " abs\n" ));
1666
1667 if ( args[0] < 0 )
1668 {
1669 if ( args[0] == FT_LONG_MIN )
1670 args[0] = FT_LONG_MAX;
1671 else
1672 args[0] = -args[0];
1673 }
1674 args++;
1675 break;
1676
1677 case cff_op_add:
1678 FT_TRACE4(( " add\n" ));
1679
1680 args[0] = ADD_LONG( args[0], args[1] );
1681 args++;
1682 break;
1683
1684 case cff_op_sub:
1685 FT_TRACE4(( " sub\n" ));
1686
1687 args[0] = SUB_LONG( args[0], args[1] );
1688 args++;
1689 break;
1690
1691 case cff_op_div:
1692 FT_TRACE4(( " div\n" ));
1693
1694 args[0] = FT_DivFix( args[0], args[1] );
1695 args++;
1696 break;
1697
1698 case cff_op_neg:
1699 FT_TRACE4(( " neg\n" ));
1700
1701 if ( args[0] == FT_LONG_MIN )
1702 args[0] = FT_LONG_MAX;
1703 args[0] = -args[0];
1704 args++;
1705 break;
1706
1707 case cff_op_random:
1708 FT_TRACE4(( " random\n" ));
1709
1710 /* only use the lower 16 bits of `random' */
1711 /* to generate a number in the range (0;1] */
1712 args[0] = (FT_Fixed)
1713 ( ( decoder->current_subfont->random & 0xFFFF ) + 1 );
1714 args++;
1715
1716 decoder->current_subfont->random =
1717 cff_random( decoder->current_subfont->random );
1718 break;
1719
1720 case cff_op_mul:
1721 FT_TRACE4(( " mul\n" ));
1722
1723 args[0] = FT_MulFix( args[0], args[1] );
1724 args++;
1725 break;
1726
1727 case cff_op_sqrt:
1728 FT_TRACE4(( " sqrt\n" ));
1729
1730 if ( args[0] > 0 )
1731 {
1732 FT_Fixed root = args[0];
1733 FT_Fixed new_root;
1734
1735
1736 for (;;)
1737 {
1738 new_root = ( root + FT_DivFix( args[0], root ) + 1 ) >> 1;
1739 if ( new_root == root )
1740 break;
1741 root = new_root;
1742 }
1743 args[0] = new_root;
1744 }
1745 else
1746 args[0] = 0;
1747 args++;
1748 break;
1749
1750 case cff_op_drop:
1751 /* nothing */
1752 FT_TRACE4(( " drop\n" ));
1753
1754 break;
1755
1756 case cff_op_exch:
1757 {
1758 FT_Fixed tmp;
1759
1760
1761 FT_TRACE4(( " exch\n" ));
1762
1763 tmp = args[0];
1764 args[0] = args[1];
1765 args[1] = tmp;
1766 args += 2;
1767 }
1768 break;
1769
1770 case cff_op_index:
1771 {
1772 FT_Int idx = (FT_Int)( args[0] >> 16 );
1773
1774
1775 FT_TRACE4(( " index\n" ));
1776
1777 if ( idx < 0 )
1778 idx = 0;
1779 else if ( idx > num_args - 2 )
1780 idx = num_args - 2;
1781 args[0] = args[-( idx + 1 )];
1782 args++;
1783 }
1784 break;
1785
1786 case cff_op_roll:
1787 {
1788 FT_Int count = (FT_Int)( args[0] >> 16 );
1789 FT_Int idx = (FT_Int)( args[1] >> 16 );
1790
1791
1792 FT_TRACE4(( " roll\n" ));
1793
1794 if ( count <= 0 )
1795 count = 1;
1796
1797 args -= count;
1798 if ( args < stack )
1799 goto Stack_Underflow;
1800
1801 if ( idx >= 0 )
1802 {
1803 while ( idx > 0 )
1804 {
1805 FT_Fixed tmp = args[count - 1];
1806 FT_Int i;
1807
1808
1809 for ( i = count - 2; i >= 0; i-- )
1810 args[i + 1] = args[i];
1811 args[0] = tmp;
1812 idx--;
1813 }
1814 }
1815 else
1816 {
1817 while ( idx < 0 )
1818 {
1819 FT_Fixed tmp = args[0];
1820 FT_Int i;
1821
1822
1823 for ( i = 0; i < count - 1; i++ )
1824 args[i] = args[i + 1];
1825 args[count - 1] = tmp;
1826 idx++;
1827 }
1828 }
1829 args += count;
1830 }
1831 break;
1832
1833 case cff_op_dup:
1834 FT_TRACE4(( " dup\n" ));
1835
1836 args[1] = args[0];
1837 args += 2;
1838 break;
1839
1840 case cff_op_put:
1841 {
1842 FT_Fixed val = args[0];
1843 FT_Int idx = (FT_Int)( args[1] >> 16 );
1844
1845
1846 FT_TRACE4(( " put\n" ));
1847
1848 /* the Type2 specification before version 16-March-2000 */
1849 /* didn't give a hard-coded size limit of the temporary */
1850 /* storage array; instead, an argument of the */
1851 /* `MultipleMaster' operator set the size */
1852 if ( idx >= 0 && idx < CFF_MAX_TRANS_ELEMENTS )
1853 decoder->buildchar[idx] = val;
1854 }
1855 break;
1856
1857 case cff_op_get:
1858 {
1859 FT_Int idx = (FT_Int)( args[0] >> 16 );
1860 FT_Fixed val = 0;
1861
1862
1863 FT_TRACE4(( " get\n" ));
1864
1865 if ( idx >= 0 && idx < CFF_MAX_TRANS_ELEMENTS )
1866 val = decoder->buildchar[idx];
1867
1868 args[0] = val;
1869 args++;
1870 }
1871 break;
1872
1873 case cff_op_store:
1874 /* this operator was removed from the Type2 specification */
1875 /* in version 16-March-2000 */
1876
1877 /* since we currently don't handle interpolation of multiple */
1878 /* master fonts, this is a no-op */
1879 FT_TRACE4(( " store\n" ));
1880 break;
1881
1882 case cff_op_load:
1883 /* this operator was removed from the Type2 specification */
1884 /* in version 16-March-2000 */
1885 {
1886 FT_Int reg_idx = (FT_Int)args[0];
1887 FT_Int idx = (FT_Int)args[1];
1888 FT_Int count = (FT_Int)args[2];
1889
1890
1891 FT_TRACE4(( " load\n" ));
1892
1893 /* since we currently don't handle interpolation of multiple */
1894 /* master fonts, we store a vector [1 0 0 ...] in the */
1895 /* temporary storage array regardless of the Registry index */
1896 if ( reg_idx >= 0 && reg_idx <= 2 &&
1897 idx >= 0 && idx < CFF_MAX_TRANS_ELEMENTS &&
1898 count >= 0 && count <= num_axes )
1899 {
1900 FT_Int end, i;
1901
1902
1903 end = FT_MIN( idx + count, CFF_MAX_TRANS_ELEMENTS );
1904
1905 if ( idx < end )
1906 decoder->buildchar[idx] = 1 << 16;
1907
1908 for ( i = idx + 1; i < end; i++ )
1909 decoder->buildchar[i] = 0;
1910 }
1911 }
1912 break;
1913
1914 case cff_op_blend:
1915 /* this operator was removed from the Type2 specification */
1916 /* in version 16-March-2000 */
1917 {
1918 FT_Int num_results = (FT_Int)( args[0] >> 16 );
1919
1920
1921 FT_TRACE4(( " blend\n" ));
1922
1923 if ( num_results < 0 )
1924 goto Syntax_Error;
1925
1926 if ( num_results * (FT_Int)num_designs > num_args )
1927 goto Stack_Underflow;
1928
1929 /* since we currently don't handle interpolation of multiple */
1930 /* master fonts, return the `num_results' values of the */
1931 /* first master */
1932 args -= num_results * ( num_designs - 1 );
1933 num_args -= num_results * ( num_designs - 1 );
1934 }
1935 break;
1936
1937 case cff_op_dotsection:
1938 /* this operator is deprecated and ignored by the parser */
1939 FT_TRACE4(( " dotsection\n" ));
1940 break;
1941
1942 case cff_op_closepath:
1943 /* this is an invalid Type 2 operator; however, there */
1944 /* exist fonts which are incorrectly converted from probably */
1945 /* Type 1 to CFF, and some parsers seem to accept it */
1946
1947 FT_TRACE4(( " closepath (invalid op)\n" ));
1948
1949 args = stack;
1950 break;
1951
1952 case cff_op_hsbw:
1953 /* this is an invalid Type 2 operator; however, there */
1954 /* exist fonts which are incorrectly converted from probably */
1955 /* Type 1 to CFF, and some parsers seem to accept it */
1956
1957 FT_TRACE4(( " hsbw (invalid op)\n" ));
1958
1959 decoder->glyph_width =
1960 ADD_LONG( decoder->nominal_width, ( args[1] >> 16 ) );
1961
1962 decoder->builder.left_bearing.x = args[0];
1963 decoder->builder.left_bearing.y = 0;
1964
1965 x = ADD_LONG( decoder->builder.pos_x, args[0] );
1966 y = decoder->builder.pos_y;
1967 args = stack;
1968 break;
1969
1970 case cff_op_sbw:
1971 /* this is an invalid Type 2 operator; however, there */
1972 /* exist fonts which are incorrectly converted from probably */
1973 /* Type 1 to CFF, and some parsers seem to accept it */
1974
1975 FT_TRACE4(( " sbw (invalid op)\n" ));
1976
1977 decoder->glyph_width =
1978 ADD_LONG( decoder->nominal_width, ( args[2] >> 16 ) );
1979
1980 decoder->builder.left_bearing.x = args[0];
1981 decoder->builder.left_bearing.y = args[1];
1982
1983 x = ADD_LONG( decoder->builder.pos_x, args[0] );
1984 y = ADD_LONG( decoder->builder.pos_y, args[1] );
1985 args = stack;
1986 break;
1987
1988 case cff_op_setcurrentpoint:
1989 /* this is an invalid Type 2 operator; however, there */
1990 /* exist fonts which are incorrectly converted from probably */
1991 /* Type 1 to CFF, and some parsers seem to accept it */
1992
1993 FT_TRACE4(( " setcurrentpoint (invalid op)\n" ));
1994
1995 x = ADD_LONG( decoder->builder.pos_x, args[0] );
1996 y = ADD_LONG( decoder->builder.pos_y, args[1] );
1997 args = stack;
1998 break;
1999
2000 case cff_op_callothersubr:
2001 /* this is an invalid Type 2 operator; however, there */
2002 /* exist fonts which are incorrectly converted from probably */
2003 /* Type 1 to CFF, and some parsers seem to accept it */
2004
2005 FT_TRACE4(( " callothersubr (invalid op)\n" ));
2006
2007 /* subsequent `pop' operands should add the arguments, */
2008 /* this is the implementation described for `unknown' other */
2009 /* subroutines in the Type1 spec. */
2010 /* */
2011 /* XXX Fix return arguments (see discussion below). */
2012 args -= 2 + ( args[-2] >> 16 );
2013 if ( args < stack )
2014 goto Stack_Underflow;
2015 break;
2016
2017 case cff_op_pop:
2018 /* this is an invalid Type 2 operator; however, there */
2019 /* exist fonts which are incorrectly converted from probably */
2020 /* Type 1 to CFF, and some parsers seem to accept it */
2021
2022 FT_TRACE4(( " pop (invalid op)\n" ));
2023
2024 /* XXX Increasing `args' is wrong: After a certain number of */
2025 /* `pop's we get a stack overflow. Reason for doing it is */
2026 /* code like this (actually found in a CFF font): */
2027 /* */
2028 /* 17 1 3 callothersubr */
2029 /* pop */
2030 /* callsubr */
2031 /* */
2032 /* Since we handle `callothersubr' as a no-op, and */
2033 /* `callsubr' needs at least one argument, `pop' can't be a */
2034 /* no-op too as it basically should be. */
2035 /* */
2036 /* The right solution would be to provide real support for */
2037 /* `callothersubr' as done in `t1decode.c', however, given */
2038 /* the fact that CFF fonts with `pop' are invalid, it is */
2039 /* questionable whether it is worth the time. */
2040 args++;
2041 break;
2042
2043 case cff_op_and:
2044 {
2045 FT_Fixed cond = ( args[0] && args[1] );
2046
2047
2048 FT_TRACE4(( " and\n" ));
2049
2050 args[0] = cond ? 0x10000L : 0;
2051 args++;
2052 }
2053 break;
2054
2055 case cff_op_or:
2056 {
2057 FT_Fixed cond = ( args[0] || args[1] );
2058
2059
2060 FT_TRACE4(( " or\n" ));
2061
2062 args[0] = cond ? 0x10000L : 0;
2063 args++;
2064 }
2065 break;
2066
2067 case cff_op_not:
2068 {
2069 FT_Fixed cond = !args[0];
2070
2071
2072 FT_TRACE4(( " not\n" ));
2073
2074 args[0] = cond ? 0x10000L : 0;
2075 args++;
2076 }
2077 break;
2078
2079 case cff_op_eq:
2080 {
2081 FT_Fixed cond = ( args[0] == args[1] );
2082
2083
2084 FT_TRACE4(( " eq\n" ));
2085
2086 args[0] = cond ? 0x10000L : 0;
2087 args++;
2088 }
2089 break;
2090
2091 case cff_op_ifelse:
2092 {
2093 FT_Fixed cond = ( args[2] <= args[3] );
2094
2095
2096 FT_TRACE4(( " ifelse\n" ));
2097
2098 if ( !cond )
2099 args[0] = args[1];
2100 args++;
2101 }
2102 break;
2103
2104 case cff_op_callsubr:
2105 {
2106 FT_UInt idx = (FT_UInt)( ( args[0] >> 16 ) +
2107 decoder->locals_bias );
2108
2109
2110 FT_TRACE4(( " callsubr (idx %d, entering level %d)\n",
2111 idx,
2112 zone - decoder->zones + 1 ));
2113
2114 if ( idx >= decoder->num_locals )
2115 {
2116 FT_ERROR(( "cff_decoder_parse_charstrings:"
2117 " invalid local subr index\n" ));
2118 goto Syntax_Error;
2119 }
2120
2121 if ( zone - decoder->zones >= CFF_MAX_SUBRS_CALLS )
2122 {
2123 FT_ERROR(( "cff_decoder_parse_charstrings:"
2124 " too many nested subrs\n" ));
2125 goto Syntax_Error;
2126 }
2127
2128 zone->cursor = ip; /* save current instruction pointer */
2129
2130 zone++;
2131 zone->base = decoder->locals[idx];
2132 zone->limit = decoder->locals[idx + 1];
2133 zone->cursor = zone->base;
2134
2135 if ( !zone->base || zone->limit == zone->base )
2136 {
2137 FT_ERROR(( "cff_decoder_parse_charstrings:"
2138 " invoking empty subrs\n" ));
2139 goto Syntax_Error;
2140 }
2141
2142 decoder->zone = zone;
2143 ip = zone->base;
2144 limit = zone->limit;
2145 }
2146 break;
2147
2148 case cff_op_callgsubr:
2149 {
2150 FT_UInt idx = (FT_UInt)( ( args[0] >> 16 ) +
2151 decoder->globals_bias );
2152
2153
2154 FT_TRACE4(( " callgsubr (idx %d, entering level %d)\n",
2155 idx,
2156 zone - decoder->zones + 1 ));
2157
2158 if ( idx >= decoder->num_globals )
2159 {
2160 FT_ERROR(( "cff_decoder_parse_charstrings:"
2161 " invalid global subr index\n" ));
2162 goto Syntax_Error;
2163 }
2164
2165 if ( zone - decoder->zones >= CFF_MAX_SUBRS_CALLS )
2166 {
2167 FT_ERROR(( "cff_decoder_parse_charstrings:"
2168 " too many nested subrs\n" ));
2169 goto Syntax_Error;
2170 }
2171
2172 zone->cursor = ip; /* save current instruction pointer */
2173
2174 zone++;
2175 zone->base = decoder->globals[idx];
2176 zone->limit = decoder->globals[idx + 1];
2177 zone->cursor = zone->base;
2178
2179 if ( !zone->base || zone->limit == zone->base )
2180 {
2181 FT_ERROR(( "cff_decoder_parse_charstrings:"
2182 " invoking empty subrs\n" ));
2183 goto Syntax_Error;
2184 }
2185
2186 decoder->zone = zone;
2187 ip = zone->base;
2188 limit = zone->limit;
2189 }
2190 break;
2191
2192 case cff_op_return:
2193 FT_TRACE4(( " return (leaving level %d)\n",
2194 decoder->zone - decoder->zones ));
2195
2196 if ( decoder->zone <= decoder->zones )
2197 {
2198 FT_ERROR(( "cff_decoder_parse_charstrings:"
2199 " unexpected return\n" ));
2200 goto Syntax_Error;
2201 }
2202
2203 decoder->zone--;
2204 zone = decoder->zone;
2205 ip = zone->cursor;
2206 limit = zone->limit;
2207 break;
2208
2209 default:
2210 FT_ERROR(( "Unimplemented opcode: %d", ip[-1] ));
2211
2212 if ( ip[-1] == 12 )
2213 FT_ERROR(( " %d", ip[0] ));
2214 FT_ERROR(( "\n" ));
2215
2216 return FT_THROW( Unimplemented_Feature );
2217 }
2218
2219 decoder->top = args;
2220
2221 if ( decoder->top - stack >= CFF_MAX_OPERANDS )
2222 goto Stack_Overflow;
2223
2224 } /* general operator processing */
2225
2226 } /* while ip < limit */
2227
2228 FT_TRACE4(( "..end..\n\n" ));
2229
2230 Fail:
2231 return error;
2232
2233 MM_Error:
2234 FT_TRACE4(( "cff_decoder_parse_charstrings:"
2235 " invalid opcode found in top DICT charstring\n"));
2236 return FT_THROW( Invalid_File_Format );
2237
2238 Syntax_Error:
2239 FT_TRACE4(( "cff_decoder_parse_charstrings: syntax error\n" ));
2240 return FT_THROW( Invalid_File_Format );
2241
2242 Stack_Underflow:
2243 FT_TRACE4(( "cff_decoder_parse_charstrings: stack underflow\n" ));
2244 return FT_THROW( Too_Few_Arguments );
2245
2246 Stack_Overflow:
2247 FT_TRACE4(( "cff_decoder_parse_charstrings: stack overflow\n" ));
2248 return FT_THROW( Stack_Overflow );
2249 }
2250
2251 #endif /* CFF_CONFIG_OPTION_OLD_ENGINE */
2252
2253
2254 /*************************************************************************/
2255 /* */
2256 /* <Function> */
2257 /* cff_decoder_init */
2258 /* */
2259 /* <Description> */
2260 /* Initializes a given glyph decoder. */
2261 /* */
2262 /* <InOut> */
2263 /* decoder :: A pointer to the glyph builder to initialize. */
2264 /* */
2265 /* <Input> */
2266 /* face :: The current face object. */
2267 /* */
2268 /* size :: The current size object. */
2269 /* */
2270 /* slot :: The current glyph object. */
2271 /* */
2272 /* hinting :: Whether hinting is active. */
2273 /* */
2274 /* hint_mode :: The hinting mode. */
2275 /* */
2276 FT_LOCAL_DEF( void )
2277 cff_decoder_init( CFF_Decoder* decoder,
2278 TT_Face face,
2279 CFF_Size size,
2280 CFF_GlyphSlot slot,
2281 FT_Bool hinting,
2282 FT_Render_Mode hint_mode,
2283 CFF_Decoder_Get_Glyph_Callback get_callback,
2284 CFF_Decoder_Free_Glyph_Callback free_callback )
2285 {
2286 CFF_Font cff = (CFF_Font)face->extra.data;
2287
2288
2289 /* clear everything */
2290 FT_ZERO( decoder );
2291
2292 /* initialize builder */
2293 cff_builder_init( &decoder->builder, face, size, slot, hinting );
2294
2295 /* initialize Type2 decoder */
2296 decoder->cff = cff;
2297 decoder->num_globals = cff->global_subrs_index.count;
2298 decoder->globals = cff->global_subrs;
2299 decoder->globals_bias = cff_compute_bias(
2300 cff->top_font.font_dict.charstring_type,
2301 decoder->num_globals );
2302
2303 decoder->hint_mode = hint_mode;
2304
2305 decoder->get_glyph_callback = get_callback;
2306 decoder->free_glyph_callback = free_callback;
2307 }
2308
2309
2310 /* this function is used to select the subfont */
2311 /* and the locals subrs array */
2312 FT_LOCAL_DEF( FT_Error )
2313 cff_decoder_prepare( CFF_Decoder* decoder,
2314 CFF_Size size,
2315 FT_UInt glyph_index )
2316 {
2317 CFF_Builder *builder = &decoder->builder;
2318 CFF_Font cff = (CFF_Font)builder->face->extra.data;
2319 CFF_SubFont sub = &cff->top_font;
2320 FT_Error error = FT_Err_Ok;
2321
2322 FT_Service_CFFLoad cffload = (FT_Service_CFFLoad)cff->cffload;
2323
2324
2325 /* manage CID fonts */
2326 if ( cff->num_subfonts )
2327 {
2328 FT_Byte fd_index = cffload->fd_select_get( &cff->fd_select,
2329 glyph_index );
2330
2331
2332 if ( fd_index >= cff->num_subfonts )
2333 {
2334 FT_TRACE4(( "cff_decoder_prepare: invalid CID subfont index\n" ));
2335 error = FT_THROW( Invalid_File_Format );
2336 goto Exit;
2337 }
2338
2339 FT_TRACE3(( " in subfont %d:\n", fd_index ));
2340
2341 sub = cff->subfonts[fd_index];
2342
2343 if ( builder->hints_funcs && size )
2344 {
2345 FT_Size ftsize = FT_SIZE( size );
2346 CFF_Internal internal = (CFF_Internal)ftsize->internal->module_data;
2347
2348
2349 /* for CFFs without subfonts, this value has already been set */
2350 builder->hints_globals = (void *)internal->subfonts[fd_index];
2351 }
2352 }
2353
2354 decoder->num_locals = sub->local_subrs_index.count;
2355 decoder->locals = sub->local_subrs;
2356 decoder->locals_bias = cff_compute_bias(
2357 decoder->cff->top_font.font_dict.charstring_type,
2358 decoder->num_locals );
2359
2360 decoder->glyph_width = sub->private_dict.default_width;
2361 decoder->nominal_width = sub->private_dict.nominal_width;
2362
2363 decoder->current_subfont = sub;
2364
2365 Exit:
2366 return error;
2367 }
2368
2369
2370 /* END */