[ots] Backport of "[glyf] Guard access to maxp version 1 field"

Bug: 1153329, 1158774 Change-Id: I6acd298f841f92a751f606d710415fe32343825f Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2593261 Commit-Queue: Kenichi Ishibashi <bashi@chromium.org> Reviewed-by: Kenichi Ishibashi <bashi@chromium.org> Auto-Submit: Dominik Röttsches <drott@chromium.org> Cr-Commit-Position: refs/heads/master@{#837353}

[ots] Backport of "[glyf] Guard access to maxp version 1 field"
Bug: 1153329, 1158774 Change-Id: I6acd298f841f92a751f606d710415fe32343825f Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2593261 Commit-Queue: Kenichi Ishibashi <bashi@chromium.org> Reviewed-by: Kenichi Ishibashi <bashi@chromium.org> Auto-Submit: Dominik Röttsches <drott@chromium.org> Cr-Commit-Position: refs/heads/master@{#837353}
fac68744 · Dominik Röttsches · Chromium LUCI CQ · 8252d72b · fac68744 · fac68744
Commit fac68744 authored Dec 16, 2020 by Dominik Röttsches Committed by Chromium LUCI CQ Dec 16, 2020
Hide whitespace changes
Inline Side-by-side

Showing with 8 additions and 3 deletions

third_party/ots/README.chromium third_party/ots/README.chromium +2 -0

third_party/ots/src/glyf.cc third_party/ots/src/glyf.cc +6 -3

No files found.
--- a/third_party/ots/README.chromium
+++ b/third_party/ots/README.chromium
@@ -15,3 +15,5 @@ Local Modifications:
 - glyf.h, glyf.cc - Backport of "Sanitise values for fonts with invalid
  maxPoints and maxComponentPoints"
  https://github.com/khaledhosny/ots/pull/227
+- glyf.cc - Backport of "[glyf] Guard access to maxp version 1 field"
+  Upstream commit 1141c81c411b599e40496679129d0884715e8650
--- a/third_party/ots/src/glyf.cc
+++ b/third_party/ots/src/glyf.cc
@@ -99,7 +99,8 @@ bool OpenTypeGLYF::ParseSimpleGlyph(Buffer &glyph,
    num_flags = tmp_index + 1;
  }

-  if (num_flags > this->maxp->max_points) {
+  if (this->maxp->version_1 &&
+      num_flags > this->maxp->max_points) {
    Warning("Number of contour points exceeds maxp maxPoints, adjusting limit.");
    this->maxp->max_points = num_flags;
  }
@@ -336,7 +337,8 @@ bool OpenTypeGLYF::Parse(const uint8_t *data, size_t length) {
            std::numeric_limits<uint16_t>::max()) {
          return Error("Illegal composite points value "
                       "exceeding 0xFFFF for base glyph %d.", i);
-        } else if (component_point_count.accumulated_component_points >
+        } else if (this->maxp->version_1 &&
+                   component_point_count.accumulated_component_points >
                   this->maxp->max_c_points) {
          Warning("Number of composite points in glyph %d exceeds "
                  "maxp maxCompositePoints: %d vs %d, adjusting limit.",
@@ -413,7 +415,8 @@ bool OpenTypeGLYF::TraverseComponentsCountingPoints(
  if (level > std::numeric_limits<uint16_t>::max()) {
    return Error("Illegal component depth exceeding 0xFFFF in base glyph id %d.",
                 base_glyph_id);
-  } else if (level > this->maxp->max_c_depth) {
+  } else if (this->maxp->version_1 &&
+             level > this->maxp->max_c_depth) {
    this->maxp->max_c_depth = level;
    Warning("Component depth exceeds maxp maxComponentDepth "
            "in glyph %d, adjust limit to %d.",