ref: 8d435c463d22f6de35015b244d6f9bb433beb7e6
parent: e66d7300fec2f9fc60e43a924af1972b07ee316b
author: Werner Lemberg <[email protected]>
date: Thu Jun 1 03:09:44 EDT 2017
* src/truetype/ttinterp.c (TT_RunIns): Adjust loop counter again. Problem reported by Marek Kašík <[email protected]>. The problematic font that exceeds the old limit is Padauk-Bold, version 3.002, containing bytecode generated by a buggy version of ttfautohint.
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,13 @@
+2017-06-01 Werner Lemberg <[email protected]>
+
+ * src/truetype/ttinterp.c (TT_RunIns): Adjust loop counter again.
+
+ Problem reported by Marek Kašík <[email protected]>.
+
+ The problematic font that exceeds the old limit is Padauk-Bold,
+ version 3.002, containing bytecode generated by a buggy version of
+ ttfautohint.
+
2017-05-31 Werner Lemberg <[email protected]>
[cff] 32bit integer overflow run-time errors 2/2 (#46149).
--- a/src/truetype/ttinterp.c
+++ b/src/truetype/ttinterp.c
@@ -7649,8 +7649,7 @@
FT_MAX( 50,
exc->cvtSize / 10 );
else
- exc->loopcall_counter_max = FT_MAX( 100,
- 10 * exc->cvtSize );
+ exc->loopcall_counter_max = 300 + 8 * exc->cvtSize;
/* as a protection against an unreasonable number of CVT entries */
/* we assume at most 100 control values per glyph for the counter */