Pango hard code freeze break notification
Hi,

There has been a mystery pango crasher on OS X, as well as unacceptable
kerning regressions and invalid memory access on Linux.  I have been
scratching my head for a LOOONG time trying to figure these out and the latter
two are release blockers.  I finally debugged and fixed them all.  It was
actually three different bugs working together...

Anyway, I've committed the main fix, and am working on the remainder.  Just to
let you know.  I'm not requesting permission since there's no way pango goes
out without these :P.  I just need to get confirmation from reporters as well as
Windows build confirmation before I release pango.

Here's the commit log for your enjoyment:
    [HB] Fix the mystery bug!

    A couple bugs joined forces to exhibit the mystery behavior of
    crashes / infinite loops on OS X / wrong kerning / invalid memory
    access.  Pooh!

    The bugs involved were:

      - Wrong pointer math with ValueRecord in PairPosFormat1

      - Fallout from avoiding flex arrays, code not correctly updated
        to remove sizeof() usage.

    We strictly never use sizeof() directly now.  And the PairPos code
    is cleaned up.  Should fix them all.  Bugs are:

      Bug 605655 - Pango 1.26.2 introduces kerning bug
      Bug 611229 - Pango reads from uninitialized memory
      Bug 593240 - (pangoosx) Crash / infinite loop with Mac OS X

    We were also doing wrong math converting Device adjustments to
    hb_position_t.  Fallout from FreeType days.  Should shift 16, not
    6.  Fixed that too.

    There's still another bug: we don't sanitize Device records
    referenced from value records.  Fixing that also.


Cheers,
behdad
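The commit message above names two mechanisms: pointer math over variable-length ValueRecords in PairPosFormat1, and sizeof() left behind after flexible array members were removed. The following is an added illustration of both, written for this page; it is not Pango's or HarfBuzz's code, and the struct layout, helper names and the constructed PairSet bytes are my own assumptions. The only OpenType facts it relies on are that a PairValueRecord is a uint16 secondGlyph followed by two ValueRecords, and that a ValueRecord holds one int16 per bit set in its ValueFormat.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* OpenType GPOS ValueFormat bits used below. */
#define VF_X_PLACEMENT 0x0001
#define VF_Y_PLACEMENT 0x0002
#define VF_X_ADVANCE   0x0004

/* Number of 16-bit fields in a ValueRecord = popcount of its ValueFormat. */
static unsigned value_record_len (uint16_t value_format)
{
  unsigned n = 0;
  for (; value_format; value_format >>= 1)
    n += value_format & 1;
  return n;
}

/* Byte size of one PairValueRecord: 2 (secondGlyph) + both ValueRecords.
 * Derived from the formats, never from sizeof(): the records are variable length. */
unsigned pair_value_record_size (uint16_t vf1, uint16_t vf2)
{
  return 2 + 2 * (value_record_len (vf1) + value_record_len (vf2));
}

/* The anti-pattern (hypothetical struct, not Pango's).  When a flexible array
 * member is replaced by a one-element array to "avoid flex arrays", sizeof()
 * now counts one dummy element; code that still adds the ValueRecord sizes on
 * top of sizeof() over-counts every record by 2 bytes and walks off the real
 * record boundaries, reading the wrong glyph ids and, at the end, past the table. */
struct PairValueRecordHdr {
  uint16_t second_glyph;
  int16_t  values[1];   /* was values[] */
};

unsigned pair_value_record_size_via_sizeof (uint16_t vf1, uint16_t vf2)
{
  return (unsigned) sizeof (struct PairValueRecordHdr)
       + 2 * (value_record_len (vf1) + value_record_len (vf2));
}

static uint16_t be16 (const uint8_t *p) { return (uint16_t) ((p[0] << 8) | p[1]); }

/* Look up value1.xAdvance for `second_glyph` in a PairSet table
 * (uint16 pairValueCount, then that many PairValueRecords).  `record_size`
 * is passed in so the same walker can be driven with correct or wrong sizing.
 * Returns 1 if found, 0 if absent, -1 if the table is too short to hold
 * count records: the sanitize-style check that rejects the blob before any
 * record is dereferenced. */
int find_pair_x_advance (const uint8_t *pair_set, size_t len,
                         uint16_t vf1, unsigned record_size,
                         uint16_t second_glyph, int16_t *x_advance_out)
{
  if (len < 2) return -1;
  unsigned count = be16 (pair_set);
  if ((size_t) count * record_size > len - 2) return -1;
  if (!(vf1 & VF_X_ADVANCE)) return 0;
  /* xAdvance follows whichever placement fields precede it inside value1. */
  unsigned x_adv_off = 2 + 2 * value_record_len (vf1 & (VF_X_PLACEMENT | VF_Y_PLACEMENT));
  for (unsigned i = 0; i < count; i++) {
    const uint8_t *rec = pair_set + 2 + (size_t) i * record_size;
    if (be16 (rec) == second_glyph) {
      *x_advance_out = (int16_t) be16 (rec + x_adv_off);
      return 1;
    }
  }
  return 0;
}

/* Constructed PairSet: valueFormat1 = XAdvance only, valueFormat2 = 0.
 * Record 1: secondGlyph 0x0010, xAdvance -50; record 2: secondGlyph 0x0020, xAdvance 30. */
static const uint8_t demo_pair_set[] = {
  0x00, 0x02,
  0x00, 0x10, 0xFF, 0xCE,
  0x00, 0x20, 0x00, 0x1E,
};

/* Returns the xAdvance for `glyph`; 100000 if absent, -100000 if the table
 * was rejected as truncated under the chosen record sizing. */
int demo_x_advance (uint16_t glyph, int use_sizeof_sizing)
{
  uint16_t vf1 = VF_X_ADVANCE, vf2 = 0;
  unsigned size = use_sizeof_sizing ? pair_value_record_size_via_sizeof (vf1, vf2)
                                    : pair_value_record_size (vf1, vf2);
  int16_t adv = 0;
  int rc = find_pair_x_advance (demo_pair_set, sizeof demo_pair_set, vf1, size, glyph, &adv);
  return rc == 1 ? adv : (rc == 0 ? 100000 : -100000);
}

int main (void)
{
  printf ("format-derived record size %u: xAdvance(0x20) = %d\n",
          pair_value_record_size (VF_X_ADVANCE, 0), demo_x_advance (0x0020, 0));
  printf ("sizeof-derived record size %u: result = %d (table rejected as truncated)\n",
          pair_value_record_size_via_sizeof (VF_X_ADVANCE, 0), demo_x_advance (0x0020, 1));
  return 0;
}
```

With format-derived sizing each record is 4 bytes and the lookup lands on the right glyph; with the sizeof-derived 6 bytes, two records would need 12 bytes of an 8-byte payload, and the up-front bounds check refuses the table instead of letting the walker read past it. That is the defensive shape the commit describes: size from the data's own format fields, and a sanitize pass that validates before any record is touched.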
