kc3-lang/freetype

Browse

Commit fae4ec05251a399c9f90c8ca813d0681e7f62e7b

Werner Lemberg 2016-07-29T06:43:32

[sfnt, truetype] Don't abort on invalid `maxComponentDepth'. Since 2016-05-16 we detect infinite recursion directly. * src/sfnt/ttload.c (tt_face_load_maxp): Don't adjust `maxComponentDepth'. * src/truetype/ttgload.c (load_truetype_glyph): Don't abort if `maxComponentDepth' is not valid. Instead, simply adjust its value and emit a tracing message. 

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63

diff --git a/ChangeLog b/ChangeLog
index 36ca399..4254ed4 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,15 @@
+2016-07-29  Werner Lemberg  <wl@gnu.org>
+
+	[sfnt, truetype] Don't abort on invalid `maxComponentDepth'.
+
+	Since 2016-05-16 we detect infinite recursion directly.
+
+	* src/sfnt/ttload.c (tt_face_load_maxp): Don't adjust
+	`maxComponentDepth'.
+	* src/truetype/ttgload.c (load_truetype_glyph): Don't abort if
+	`maxComponentDepth' is not valid.  Instead, simply adjust its value
+	and emit a tracing message.
+
 2016-07-26  Werner Lemberg  <wl@gnu.org>
 
 	* src/autofit/aflatin.c (af_latin_metrics_scale_dim): Minor.
diff --git a/src/sfnt/ttload.c b/src/sfnt/ttload.c
index 2f5b2c3..ed80a9c 100644
--- a/src/sfnt/ttload.c
+++ b/src/sfnt/ttload.c
@@ -775,15 +775,6 @@
 
         maxProfile->maxTwilightPoints = 0xFFFFU - 4;
       }
-
-      /* we arbitrarily limit recursion to avoid stack exhaustion */
-      if ( maxProfile->maxComponentDepth > 100 )
-      {
-        FT_TRACE0(( "tt_face_load_maxp:"
-                    " abnormally large component depth (%d) set to 100\n",
-                    maxProfile->maxComponentDepth ));
-        maxProfile->maxComponentDepth = 100;
-      }
     }
 
     FT_TRACE3(( "numGlyphs: %u\n", maxProfile->numGlyphs ));
diff --git a/src/truetype/ttgload.c b/src/truetype/ttgload.c
index 8be9b6a..cb99c7e 100644
--- a/src/truetype/ttgload.c
+++ b/src/truetype/ttgload.c
@@ -1436,13 +1436,12 @@
       FT_TRACE5(( "  nesting level: %d\n", recurse_count ));
 #endif
 
-    /* some fonts have an incorrect value of `maxComponentDepth', */
-    /* thus we allow depth 1 to catch the majority of them        */
-    if ( recurse_count > 1                                   &&
-         recurse_count > face->max_profile.maxComponentDepth )
+    /* some fonts have an incorrect value of `maxComponentDepth' */
+    if ( recurse_count > face->max_profile.maxComponentDepth )
     {
-      error = FT_THROW( Invalid_Composite );
-      goto Exit;
+      FT_TRACE1(( "load_truetype_glyph: maxComponentDepth set to %d\n",
+                  recurse_count ));
+      face->max_profile.maxComponentDepth = recurse_count;
     }
 
 #ifndef FT_CONFIG_OPTION_INCREMENTAL
kmx.io     mail     discord kmxgit v0.4.0