adobe-type-tools / afdko

Adobe Font Development Kit for OpenType
https://adobe-type-tools.github.io/afdko/

[tx] subroutinizer 64K limit #685

Closed blueshade7 closed 5 years ago

blueshade7 commented 5 years ago

Subroutinizing the attached CFF2 font generates an invalid charstring. uni7e7c.otf.zip

% cp uni7e7c.otf uni7e7c_subr.otf
% tx -cff2 -no_opt +S uni7e7c.otf uni7e7c_subr.cff2
tx: --- uni7e7c.otf
tx: (cfr) Warning: CharString of GID 1 is 68301 bytes long. CharStrings longer than 65535 bytes might not be supported by some implementations.
tx: (cfw) unhinted <gid00001>
tx: (cfw) subr stack depth exceeded (reduced)
% sfntedit -a CFF2=uni7e7c_subr.cff2 uni7e7c_subr.otf
% tx -3 uni7e7c_subr.otf
tx: --- uni7e7c_subr.otf

SNIP

  774.11 -405.42 774.77 -405.41 774.77 -407.93 curve
  774.77 -407.94 774.35 -407.95 772.56 -407.96 curve
tx: (cfr) (t2c) invalid operator <gid00001>
tx: (cfr) charstring parse error
% 
blueshade7 commented 5 years ago

length > 64K appears to be overflowing unsigned short offsets in subroutinizer
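The truncation described in the comment above, as an added example that is not part of the original issue and is not afdko code. `NarrowRef`, `ref_unchecked`, `ref_checked`, `ref_hits_marker`, the marker bytes and the offsets 66000 and 1000 are hypothetical; only the 68301-byte length comes from the `tx` warning.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define CSTR_LEN 68301u /* charstring length tx reported for GID 1 */

/* Hypothetical bookkeeping record; the 16-bit fields stand in for the
   "unsigned short offsets" named in the issue comment. */
typedef struct { uint16_t offset, length; } NarrowRef;

/* Unchecked narrowing: values above 65535 wrap modulo 65536. */
static NarrowRef ref_unchecked(size_t off, size_t len) {
    NarrowRef r = { (uint16_t)off, (uint16_t)len };
    return r;
}

/* Checked narrowing: 0 on success, -1 if the span lies outside the
   buffer or does not fit the 16-bit fields. */
static int ref_checked(size_t off, size_t len, size_t buf_len, NarrowRef *out) {
    if (off > buf_len || len > buf_len - off) return -1;
    if (off > UINT16_MAX || len > UINT16_MAX) return -1;
    out->offset = (uint16_t)off;
    out->length = (uint16_t)len;
    return 0;
}

/* Constructed input: zero-filled buffer with a marker at marker_off.
   Returns 1 if the stored ref still points at the marker, 0 if it
   aliases other bytes, -1 if the reference was rejected. */
static int ref_hits_marker(size_t marker_off, int use_check) {
    static unsigned char buf[CSTR_LEN];
    static const unsigned char marker[] = { 0xDE, 0xAD, 0xBE, 0xEF };
    NarrowRef r;
    if (marker_off > sizeof buf - sizeof marker) return -1;
    memset(buf, 0, sizeof buf);
    memcpy(buf + marker_off, marker, sizeof marker);
    if (use_check) {
        if (ref_checked(marker_off, sizeof marker, sizeof buf, &r) != 0)
            return -1; /* rejected instead of silently aliased */
    } else {
        r = ref_unchecked(marker_off, sizeof marker);
    }
    return memcmp(buf + r.offset, marker, r.length) == 0;
}

int main(void) {
    printf("66000 stored as %u\n", (unsigned)ref_unchecked(66000, 4).offset);
    printf("unchecked hit=%d checked=%d\n",
           ref_hits_marker(66000, 0), ref_hits_marker(66000, 1));
    return 0;
}
```

Past the 64K boundary the unchecked reference resolves to unrelated bytes earlier in the buffer, which is consistent with a reader later hitting an invalid operator; the checked path reports the failure at the point of narrowing.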