A couple bugs joined forces to exhibit the mystery behavior of
crashes / infinite loops on OS X / wrong kerning / invalid memory
access. Pooh!
The bugs were involved:
- Wrong pointer math with ValueRecord in PairPosFormat1
- Fallout from avoiding flex arrays, code not correctly updated
to remove sizeof() usage.
We strictly never use sizeof() directly now. And the PairPos code
is cleaned up. Should fix them all. Bugs are:
Bug 605655 - Pango 1.26.2 introduces kerning bug
Bug 611229 - Pango reads from uninitialized memory
Bug 593240 - (pangoosx) Crash / infinite loop with Mac OS X
We were also doing wrong math converting Device adjustments to
hb_position_t. Fallout from FreeType days. Should shift 16, not
6. Fixed that too.
There's still another bug: we don't sanitize Device records
referenced from value records. Fixing that also.
Behdad Esfahbod