Another mitigation strategy is to just detect and drop cycles, when eg. processing composite glyphs, we keep a list of currently-active glyphIDs and refuse to recurse infinitely.
One thing we currently don't do in HB, which is causing problems, is to use a unified work counter across different parts of the code. What I mean is this: We have one work counter when getting glyph outline from the glyf table. And we have a separate work counter in the VARC table. But the two when combined currently can do too much work because we use separate counters, so their limits are multiplied...
Good stuff. Thank you Garret. A couple notes:
Another mitigation strategy is to just detect and drop cycles, when eg. processing composite glyphs, we keep a list of currently-active glyphIDs and refuse to recurse infinitely.
One thing we currently don't do in HB, which is causing problems, is to use a unified work counter across different parts of the code. What I mean is this: We have one work counter when getting glyph outline from the
glyftable. And we have a separate work counter in theVARCtable. But the two when combined currently can do too much work because we use separate counters, so their limits are multiplied...