review.tizen.org Git - platform/upstream/pango.git/commit

author	Behdad Esfahbod <behdad@behdad.org>
	Tue, 16 Mar 2010 07:46:17 +0000 (03:46 -0400)
committer	Behdad Esfahbod <behdad@behdad.org>
	Tue, 16 Mar 2010 08:20:25 +0000 (04:20 -0400)
commit	9cac172f82dd492d068590434199989021be236e
tree	b773098f5c09b7cafbd7e39cea5016b178210f8a	tree \| snapshot
parent	7ee9ab4b2519131a9753499175ec43871232c84d	commit \| diff

[HB] Fix the mystery bug!

A couple bugs joined forces to exhibit the mystery behavior of
crashes / infinite loops on OS X / wrong kerning / invalid memory
access.  Pooh!

The bugs were involved:

  - Wrong pointer math with ValueRecord in PairPosFormat1

  - Fallout from avoiding flex arrays, code not correctly updated
    to remove sizeof() usage.

We strictly never use sizeof() directly now.  And the PairPos code
is cleaned up.  Should fix them all.  Bugs are:

  Bug 605655 - Pango 1.26.2 introduces kerning bug
  Bug 611229 - Pango reads from uninitialized memory
  Bug 593240 - (pangoosx) Crash / infinite loop with Mac OS X

We were also doing wrong math converting Device adjustments to
hb_position_t.  Fallout from FreeType days.  Should shift 16, not
6.  Fixed that too.

There's still another bug: we don't sanitize Device records
referenced from value records.  Fixing that also.

pango/opentype/hb-open-file-private.hh		diff \| blob \| history
pango/opentype/hb-open-type-private.hh		diff \| blob \| history
pango/opentype/hb-ot-layout-common-private.hh		diff \| blob \| history
pango/opentype/hb-ot-layout-gpos-private.hh		diff \| blob \| history
pango/opentype/hb-ot-layout-gsubgpos-private.hh		diff \| blob \| history