From 4f351754bbb91795b373e12c2c004f59c071af1d Mon Sep 17 00:00:00 2001 From: Michiharu Ariza Date: Tue, 26 Mar 2019 20:35:01 -0700 Subject: [PATCH] add recursion checks --- src/hb-ot-glyf-table.hh | 24 ++++++++++++++---------- 1 file changed, 14 insertions(+), 10 deletions(-) diff --git a/src/hb-ot-glyf-table.hh b/src/hb-ot-glyf-table.hh index 6f0c629e9..f63fdf508 100644 --- a/src/hb-ot-glyf-table.hh +++ b/src/hb-ot-glyf-table.hh @@ -539,10 +539,11 @@ struct glyf read_points (p, points_, checker)); } - /* Note: Recursively calls itself. Who's checking recursively nested composite glyph BTW? */ + /* Note: Recursively calls itself. */ bool get_var_metrics (hb_codepoint_t glyph, const int *coords, unsigned int coord_count, - contour_point_vector_t &phantoms /* OUT */) const + contour_point_vector_t &phantoms /* OUT */, + unsigned int depth) const { contour_point_vector_t points; hb_vector_t end_points; @@ -561,8 +562,9 @@ struct glyf { if (composite.current->flags & CompositeGlyphHeader::USE_MY_METRICS) { - if (unlikely (!get_var_metrics (composite.current->glyphIndex, coords, coord_count, - phantoms))) return false; + if (unlikely (depth >= HB_MAX_NESTING_LEVEL || + !get_var_metrics (composite.current->glyphIndex, coords, coord_count, + phantoms, depth+1))) return false; composite.current->transform_points (phantoms); } @@ -593,7 +595,8 @@ struct glyf */ bool get_points_var (hb_codepoint_t glyph, const int *coords, unsigned int coord_count, - contour_point_vector_t &all_points /* OUT */) const + contour_point_vector_t &all_points /* OUT */, + unsigned int depth) const { contour_point_vector_t points; hb_vector_t end_points; @@ -616,8 +619,9 @@ struct glyf do { contour_point_vector_t comp_points; - if (unlikely (!get_points_var (composite.current->glyphIndex, coords, coord_count, - comp_points))) return false; + if (unlikely (depth >= HB_MAX_NESTING_LEVEL || + !get_points_var (composite.current->glyphIndex, coords, coord_count, + comp_points, depth+1))) return false; /* Apply component transformation & translation */ composite.current->transform_points (comp_points); @@ -661,7 +665,7 @@ struct glyf hb_glyph_extents_t *extents) const { contour_point_vector_t all_points; - if (unlikely (!get_points_var (glyph, coords, coord_count, all_points))) return false; + if (unlikely (!get_points_var (glyph, coords, coord_count, all_points, 0))) return false; contour_bounds_t bounds; for (unsigned int i = 0; i < all_points.length; i++) @@ -859,7 +863,7 @@ struct glyf phantoms.resize (PHANTOM_COUNT); if (likely (coord_count == gvar_accel.get_axis_count ())) - success = get_var_metrics (glyph, coords, coord_count, phantoms); + success = get_var_metrics (glyph, coords, coord_count, phantoms, 0); if (unlikely (!success)) return vertical? vmtx_accel.get_advance (glyph): hmtx_accel.get_advance (glyph); @@ -875,7 +879,7 @@ struct glyf contour_point_vector_t phantoms; phantoms.resize (PHANTOM_COUNT); - if (unlikely (!get_var_metrics (glyph, coords, coord_count, phantoms))) + if (unlikely (!get_var_metrics (glyph, coords, coord_count, phantoms, 0))) return vertical? vmtx_accel.get_side_bearing (glyph): hmtx_accel.get_side_bearing (glyph); return (int)(vertical? -ceilf (phantoms[PHANTOM_TOP].y): floorf (phantoms[PHANTOM_LEFT].x));