ref: 33febc0fb224ae834bec9d7953c6b8c6e40aecf6
parent: dbac48f0b4dbb3cbbb0ef7ba254f0fd8800c7c84
author: Werner Lemberg <[email protected]>
date: Sat Oct 9 03:07:43 EDT 2004
* docs/CHANGES: Updated. Fix handling of NPUSHW if skipped in data stream. * src/truetype/ttinterp.c (opcode_length): Set value for NPUSHW to -2. (SkipCode, TT_RunIns): Use opcode_length value for computation of bytes to be skipped.
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,16 @@
+2004-10-09 Werner Lemberg <[email protected]>
+
+ * docs/CHANGES: Updated.
+
+2004-10-09 Boris Letocha <[email protected]>
+
+ Fix handling of NPUSHW if skipped in data stream.
+
+ * src/truetype/ttinterp.c (opcode_length): Set value for NPUSHW
+ to -2.
+ (SkipCode, TT_RunIns): Use opcode_length value for computation of
+ bytes to be skipped.
+
2004-09-10 Jouk Jansen <[email protected]>
* vms_make.com: Updated.
--- a/docs/CHANGES
+++ b/docs/CHANGES
@@ -9,7 +9,11 @@
- The stroker still had some serious bugs.
+ - Boris Letocha fixed a bug in the TrueType interpreter: The
+ NPUSHW instruction wasn't skipped correctly in IF clauses. Some
+ fonts like `Helvetica 75 Bold' failed.
+
II. IMPORTANT CHANGES
- George Williams contributed code to read kerning data from PFM
@@ -26,7 +30,7 @@
- A new API `FT_OpenType_Validate' (in FT_OPENTYPE_VALIDATE_H) has
been added to validate OpenType tables (BASE, GDEF, GPOS, GSUB,
JSTF). After validation it is no longer necessary to check
- for errors in those tables.
+ for errors in those tables while accessing them.
LATEST CHANGES BETWEEN 2.1.9 and 2.1.8
--- a/src/truetype/ttinterp.c
+++ b/src/truetype/ttinterp.c
@@ -844,7 +844,7 @@
/*************************************************************************/
/* */
/* Before an opcode is executed, the interpreter verifies that there are */
- /* enough arguments on the stack, with the help of the Pop_Push_Count */
+ /* enough arguments on the stack, with the help of the `Pop_Push_Count' */
/* table. */
/* */
/* For each opcode, the first column gives the number of arguments that */
@@ -851,16 +851,11 @@
/* are popped from the stack; the second one gives the number of those */
/* that are pushed in result. */
/* */
- /* Note that for opcodes with a varying number of parameters, either 0 */
- /* or 1 arg is verified before execution, depending on the nature of the */
- /* instruction: */
+ /* Opcodes which have a varying number of parameters in the data stream */
+ /* (NPUSHB, NPUSHW) are handled specially; they have a negative value in */
+ /* the `opcode_length' table, and the value in `Pop_Push_Count' is set */
+ /* to zero. */
/* */
- /* - if the number of arguments is given by the bytecode stream or the */
- /* loop variable, 0 is chosen. */
- /* */
- /* - if the first argument is a count n that is followed by arguments */
- /* a1 .. an, then 1 is chosen. */
- /* */
/*************************************************************************/
@@ -1156,7 +1151,7 @@
1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
- -1,-1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
+ -1,-2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
@@ -4161,7 +4156,7 @@
{if ( CUR.IP + 1 > CUR.codeSize )
goto Fail_Overflow;
- CUR.length = CUR.code[CUR.IP + 1] + 2;
+ CUR.length = 2 - CUR.length * CUR.code[CUR.IP + 1];
}
if ( CUR.IP + CUR.length <= CUR.codeSize )
@@ -7044,7 +7039,7 @@
if ( CUR.IP + 1 > CUR.codeSize )
goto LErrorCodeOverflow_;
- CUR.length = CUR.code[CUR.IP + 1] + 2;
+ CUR.length = 2 - CUR.length * CUR.code[CUR.IP + 1];
}
if ( CUR.IP + CUR.length > CUR.codeSize )