< prev index next >
src/java.desktop/share/native/libfreetype/src/truetype/ttinterp.c
Print this page
@@ -2,11 +2,11 @@
*
* ttinterp.c
*
* TrueType bytecode interpreter (body).
*
- * Copyright (C) 1996-2019 by
+ * Copyright (C) 1996-2020 by
* David Turner, Robert Wilhelm, and Werner Lemberg.
*
* This file is part of the FreeType project, and may only be used,
* modified, and distributed under the terms of the FreeType project
* license, LICENSE.TXT. By continuing to use, modify, or distribute
@@ -3716,11 +3716,11 @@
/* some font programs are broken enough to redefine functions! */
/* We will then parse the current table. */
rec = exc->FDefs;
- limit = rec + exc->numFDefs;
+ limit = FT_OFFSET( rec, exc->numFDefs );
n = (FT_ULong)args[0];
for ( ; rec < limit; rec++ )
{
if ( rec->opc == n )
@@ -3963,10 +3963,13 @@
F = (FT_ULong)args[0];
if ( BOUNDSL( F, exc->maxFunc + 1 ) )
goto Fail;
+ if ( !exc->FDefs )
+ goto Fail;
+
/* Except for some old Apple fonts, all functions in a TrueType */
/* font are defined in increasing order, starting from 0. This */
/* means that we normally have */
/* */
/* exc->maxFunc+1 == exc->numFDefs */
@@ -4060,19 +4063,19 @@
/* exc->maxFunc+1 == exc->numFDefs */
/* exc->FDefs[n].opc == n for n in 0..exc->maxFunc */
/* */
/* If this isn't true, we need to look up the function table. */
- def = exc->FDefs + F;
+ def = FT_OFFSET( exc->FDefs, F );
if ( exc->maxFunc + 1 != exc->numFDefs || def->opc != F )
{
/* look up the FDefs table */
TT_DefRecord* limit;
def = exc->FDefs;
- limit = def + exc->numFDefs;
+ limit = FT_OFFSET( def, exc->numFDefs );
while ( def < limit && def->opc != F )
def++;
if ( def == limit )
@@ -4148,11 +4151,11 @@
}
/* First of all, look for the same function in our table */
def = exc->IDefs;
- limit = def + exc->numIDefs;
+ limit = FT_OFFSET( def, exc->numIDefs );
for ( ; def < limit; def++ )
if ( def->opc == (FT_ULong)args[0] )
break;
@@ -6344,16 +6347,18 @@
/* UNDOCUMENTED! The MS rasterizer does that with */
/* twilight points (confirmed by Greg Hitchcock) */
if ( exc->GS.gep1 == 0 )
{
- exc->zp1.org[point].x = exc->zp0.org[exc->GS.rp0].x +
+ exc->zp1.org[point].x = ADD_LONG(
+ exc->zp0.org[exc->GS.rp0].x,
TT_MulFix14( cvt_dist,
- exc->GS.freeVector.x );
- exc->zp1.org[point].y = exc->zp0.org[exc->GS.rp0].y +
+ exc->GS.freeVector.x ) );
+ exc->zp1.org[point].y = ADD_LONG(
+ exc->zp0.org[exc->GS.rp0].y,
TT_MulFix14( cvt_dist,
- exc->GS.freeVector.y );
+ exc->GS.freeVector.y ) );
exc->zp1.cur[point] = exc->zp1.org[point];
}
org_dist = DUALPROJ( &exc->zp1.org[point], &exc->zp0.org[exc->GS.rp0] );
cur_dist = PROJECT ( &exc->zp1.cur[point], &exc->zp0.cur[exc->GS.rp0] );
@@ -7713,11 +7718,11 @@
static void
Ins_UNKNOWN( TT_ExecContext exc )
{
TT_DefRecord* def = exc->IDefs;
- TT_DefRecord* limit = def + exc->numIDefs;
+ TT_DefRecord* limit = FT_OFFSET( def, exc->numIDefs );
for ( ; def < limit; def++ )
{
if ( (FT_Byte)def->opc == exc->opcode && def->active )
@@ -7865,11 +7870,11 @@
exc->loopcall_counter_max = FT_MAX( 50,
10 * exc->pts.n_points ) +
FT_MAX( 50,
exc->cvtSize / 10 );
else
- exc->loopcall_counter_max = 300 + 8 * exc->cvtSize;
+ exc->loopcall_counter_max = 300 + 22 * exc->cvtSize;
/* as a protection against an unreasonable number of CVT entries */
/* we assume at most 100 control values per glyph for the counter */
if ( exc->loopcall_counter_max >
100 * (FT_ULong)exc->face->root.num_glyphs )
@@ -8565,11 +8570,11 @@
{
/* looking for redefined instructions */
case FT_ERR( Invalid_Opcode ):
{
TT_DefRecord* def = exc->IDefs;
- TT_DefRecord* limit = def + exc->numIDefs;
+ TT_DefRecord* limit = FT_OFFSET( def, exc->numIDefs );
for ( ; def < limit; def++ )
{
if ( def->active && exc->opcode == (FT_Byte)def->opc )
< prev index next >