* src/truetype/ttinterp.c (TT_RunIns): Adjust loop counter again.

Problem reported by Marek Kašík <mkasik@redhat.com>. The problematic font that exceeds the old limit is Padauk-Bold, version 3.002, containing bytecode generated by a buggy version of ttfautohint.
8 years ago · 8d435c463d
parent e66d7300fe
commit 8d435c463d
2 changed files with 11 additions and 2 deletions
--- a/10
+++ b/10
@ -1,3 +1,13 @@
+2017-06-01  Werner Lemberg  <wl@gnu.org>
+
+	* src/truetype/ttinterp.c (TT_RunIns): Adjust loop counter again.
+
+	Problem reported by Marek Kašík <mkasik@redhat.com>.
+
+	The problematic font that exceeds the old limit is Padauk-Bold,
+	version 3.002, containing bytecode generated by a buggy version of
+	ttfautohint.
+
 2017-05-31  Werner Lemberg  <wl@gnu.org>

 	[cff] 32bit integer overflow run-time errors 2/2 (#46149).
--- a/src/truetype/ttinterp.c
+++ b/src/truetype/ttinterp.c
@ -7649,8 +7649,7 @@
                                  FT_MAX( 50,
                                          exc->cvtSize / 10 );
    else
-      exc->loopcall_counter_max = FT_MAX( 100,
-                                          10 * exc->cvtSize );
+      exc->loopcall_counter_max = 300 + 8 * exc->cvtSize;

    /* as a protection against an unreasonable number of CVT entries  */
    /* we assume at most 100 control values per glyph for the counter */