shithub: freetype+ttf2subf

Download patch

ref: fae4ec05251a399c9f90c8ca813d0681e7f62e7b
parent: d9c7f5aa6e5e9aa834ae574a45e157cbd97667a0
author: Werner Lemberg <[email protected]>
date: Fri Jul 29 02:43:32 EDT 2016 

[sfnt, truetype] Don't abort on invalid `maxComponentDepth'.

Since 2016-05-16 we detect infinite recursion directly.

* src/sfnt/ttload.c (tt_face_load_maxp): Don't adjust
`maxComponentDepth'.
* src/truetype/ttgload.c (load_truetype_glyph): Don't abort if
`maxComponentDepth' is not valid.  Instead, simply adjust its value
and emit a tracing message.

git/fs: mount .git/fs: mount/attach disallowed 
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,15 @@
+2016-07-29  Werner Lemberg  <[email protected]>
+
+	[sfnt, truetype] Don't abort on invalid `maxComponentDepth'.
+
+	Since 2016-05-16 we detect infinite recursion directly.
+
+	* src/sfnt/ttload.c (tt_face_load_maxp): Don't adjust
+	`maxComponentDepth'.
+	* src/truetype/ttgload.c (load_truetype_glyph): Don't abort if
+	`maxComponentDepth' is not valid.  Instead, simply adjust its value
+	and emit a tracing message.
+
 2016-07-26  Werner Lemberg  <[email protected]>
 
 	* src/autofit/aflatin.c (af_latin_metrics_scale_dim): Minor.
--- a/src/sfnt/ttload.c
+++ b/src/sfnt/ttload.c
@@ -775,15 +775,6 @@
 
         maxProfile->maxTwilightPoints = 0xFFFFU - 4;
       }
-
-      /* we arbitrarily limit recursion to avoid stack exhaustion */
-      if ( maxProfile->maxComponentDepth > 100 )
-      {
-        FT_TRACE0(( "tt_face_load_maxp:"
-                    " abnormally large component depth (%d) set to 100\n",
-                    maxProfile->maxComponentDepth ));
-        maxProfile->maxComponentDepth = 100;
-      }
     }
 
     FT_TRACE3(( "numGlyphs: %u\n", maxProfile->numGlyphs ));
--- a/src/truetype/ttgload.c
+++ b/src/truetype/ttgload.c
@@ -1436,13 +1436,12 @@
       FT_TRACE5(( "  nesting level: %d\n", recurse_count ));
 #endif
 
-    /* some fonts have an incorrect value of `maxComponentDepth', */
-    /* thus we allow depth 1 to catch the majority of them        */
-    if ( recurse_count > 1                                   &&
-         recurse_count > face->max_profile.maxComponentDepth )
+    /* some fonts have an incorrect value of `maxComponentDepth' */
+    if ( recurse_count > face->max_profile.maxComponentDepth )
     {
-      error = FT_THROW( Invalid_Composite );
-      goto Exit;
+      FT_TRACE1(( "load_truetype_glyph: maxComponentDepth set to %d\n",
+                  recurse_count ));
+      face->max_profile.maxComponentDepth = recurse_count;
     }
 
 #ifndef FT_CONFIG_OPTION_INCREMENTAL