summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorWerner Lemberg <wl@gnu.org>2017-06-01 07:09:44 +0200
committerWerner Lemberg <wl@gnu.org>2017-06-01 07:09:44 +0200
commit8d435c463d22f6de35015b244d6f9bb433beb7e6 (patch)
tree747ffbae712d7d39701fefc6a367cb970efbb935
parente66d7300fec2f9fc60e43a924af1972b07ee316b (diff)
downloadfreetype2-8d435c463d22f6de35015b244d6f9bb433beb7e6.tar.gz
* src/truetype/ttinterp.c (TT_RunIns): Adjust loop counter again.
Problem reported by Marek Kašík <mkasik@redhat.com>. The problematic font that exceeds the old limit is Padauk-Bold, version 3.002, containing bytecode generated by a buggy version of ttfautohint.
Diffstat
-rw-r--r--ChangeLog10
-rw-r--r--src/truetype/ttinterp.c3
2 files changed, 11 insertions, 2 deletions
diff --git a/ChangeLog b/ChangeLog
index c38b5af66..a0447129b 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,13 @@
+2017-06-01 Werner Lemberg <wl@gnu.org>
+
+ * src/truetype/ttinterp.c (TT_RunIns): Adjust loop counter again.
+
+ Problem reported by Marek Kašík <mkasik@redhat.com>.
+
+ The problematic font that exceeds the old limit is Padauk-Bold,
+ version 3.002, containing bytecode generated by a buggy version of
+ ttfautohint.
+
2017-05-31 Werner Lemberg <wl@gnu.org>
[cff] 32bit integer overflow run-time errors 2/2 (#46149).
diff --git a/src/truetype/ttinterp.c b/src/truetype/ttinterp.c
index 0c48c2562..775d11047 100644
--- a/src/truetype/ttinterp.c
+++ b/src/truetype/ttinterp.c
@@ -7649,8 +7649,7 @@
FT_MAX( 50,
exc->cvtSize / 10 );
else
- exc->loopcall_counter_max = FT_MAX( 100,
- 10 * exc->cvtSize );
+ exc->loopcall_counter_max = 300 + 8 * exc->cvtSize;
/* as a protection against an unreasonable number of CVT entries */
/* we assume at most 100 control values per glyph for the counter */
View Lorry Controller Status