diff --git a/ChangeLog b/ChangeLog
index c38b5af66..a0447129b 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,13 @@
+2017-06-01 Werner Lemberg
+
+ * src/truetype/ttinterp.c (TT_RunIns): Adjust loop counter again.
+
+ Problem reported by Marek Kašík .
+
+ The problematic font that exceeds the old limit is Padauk-Bold,
+ version 3.002, containing bytecode generated by a buggy version of
+ ttfautohint.
+
 2017-05-31 Werner Lemberg
 
 [cff] 32bit integer overflow run-time errors 2/2 (#46149).
diff --git a/src/truetype/ttinterp.c b/src/truetype/ttinterp.c
index 0c48c2562..775d11047 100644
--- a/src/truetype/ttinterp.c
+++ b/src/truetype/ttinterp.c
@@ -7649,8 +7649,7 @@
 FT_MAX( 50,
 exc->cvtSize / 10 );
 else
- exc->loopcall_counter_max = FT_MAX( 100,
- 10 * exc->cvtSize );
+ exc->loopcall_counter_max = 300 + 8 * exc->cvtSize;
 
 /* as a protection against an unreasonable number of CVT entries */
 /* we assume at most 100 control values per glyph for the counter */
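Review bot: The constants in `exc->loopcall_counter_max = 300 + 8 * exc->cvtSize;` in the ttinterp.c hunk are unexplained in the code; the reason (one font with bytecode from a buggy ttfautohint exceeding the old limit) appears only in the ChangeLog. Since this counter bounds how much work font-supplied bytecode can trigger, I would record the rationale next to the assignment, e.g. `/* 300 + 8 * cvtSize: empirical; admits Padauk-Bold 3.002 while still bounding loop calls */`. The new bound is also not uniformly higher: once cvtSize exceeds 150 it falls below the old `FT_MAX( 100, 10 * exc->cvtSize )`, so fonts with large CVT tables get a tighter limit than before, and it is worth confirming that this is intended. The enclosing function starts and ends outside the hunk, so the clamp announced by the trailing comment is not visible here.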