[truetype] Add TT_CONFIG_OPTION_MAX_RUNNABLE_OPCODES (#46208).

* devel/ftoption.h, include/freetype/config/ftoption.h
(TT_CONFIG_OPTION_MAX_RUNNABLE_OPCODES): New configuration macro.

* src/truetype/ttinterp.c (MAX_RUNNABLE_OPCODES): Removed.
(TT_RunIns): Updated.

ChangeLog

@@ -1,3 +1,13 @@
+2015-10-15  Werner Lemberg  <wl@gnu.org>
+
+	[truetype] Add TT_CONFIG_OPTION_MAX_RUNNABLE_OPCODES (#46208).
+
+	* devel/ftoption.h, include/freetype/config/ftoption.h
+	(TT_CONFIG_OPTION_MAX_RUNNABLE_OPCODES): New configuration macro.
+
+	* src/truetype/ttinterp.c (MAX_RUNNABLE_OPCODES): Removed.
+	(TT_RunIns): Updated.
+
 2015-10-15  Werner Lemberg  <wl@gnu.org>
 
 	* src/truetype/ttinterp.c (TT_RunIns): Fix bytecode stack tracing.

devel/ftoption.h

@@ -692,6 +692,17 @@ FT_BEGIN_HEADER
 #define TT_CONFIG_OPTION_BDF
 
 
+  /*************************************************************************/
+  /*                                                                       */
+  /* Option TT_CONFIG_OPTION_MAX_RUNNABLE_OPCODES controls the maximum     */
+  /* number of bytecode instructions executed for a single run of the      */
+  /* bytecode interpreter, needed to prevent infinite loops.  You don't    */
+  /* want to change this except for very special situations (e.g., making  */
+  /* a library fuzzer spend less time to handle broken fonts).             */
+  /*                                                                       */
+#define TT_CONFIG_OPTION_MAX_RUNNABLE_OPCODES  1000000L
+
+
   /*************************************************************************/
   /*************************************************************************/
   /****                                                                 ****/

include/freetype/config/ftoption.h

@@ -692,6 +692,17 @@ FT_BEGIN_HEADER
 #define TT_CONFIG_OPTION_BDF
 
 
+  /*************************************************************************/
+  /*                                                                       */
+  /* Option TT_CONFIG_OPTION_MAX_RUNNABLE_OPCODES controls the maximum     */
+  /* number of bytecode instructions executed for a single run of the      */
+  /* bytecode interpreter, needed to prevent infinite loops.  You don't    */
+  /* want to change this except for very special situations (e.g., making  */
+  /* a library fuzzer spend less time to handle broken fonts).             */
+  /*                                                                       */
+#define TT_CONFIG_OPTION_MAX_RUNNABLE_OPCODES  1000000L
+
+
   /*************************************************************************/
   /*************************************************************************/
   /****                                                                 ****/

src/truetype/ttinterp.c

@@ -45,15 +45,6 @@
 #define FT_COMPONENT  trace_ttinterp
 
 
-  /*************************************************************************/
-  /*                                                                       */
-  /* In order to detect infinite loops in the code, we set up a counter    */
-  /* within the run loop.  A single stroke of interpretation is now        */
-  /* limited to a maximum number of opcodes defined below.                 */
-  /*                                                                       */
-#define MAX_RUNNABLE_OPCODES  1000000L
-
-
 #define SUBPIXEL_HINTING                                                     \
           ( ((TT_Driver)FT_FACE_DRIVER( exc->face ))->interpreter_version == \
             TT_INTERPRETER_VERSION_38 )
@@ -8230,7 +8221,7 @@
 
       /* increment instruction counter and check if we didn't */
       /* run this program for too long (e.g. infinite loops). */
-      if ( ++ins_counter > MAX_RUNNABLE_OPCODES )
+      if ( ++ins_counter > TT_CONFIG_OPTION_MAX_RUNNABLE_OPCODES )
         return FT_THROW( Execution_Too_Long );
 
     LSuiteLabel_: