[mpeg-OTspec] RE: [OpenType] maxSizeOfInstructions

Terence Dowling terry at tdowling.com
Sat Jun 20 06:21:47 CEST 2015 

With respect to instructions, there are two things that are important to
consider:

1) what is the maximum number of instructions (bytes) for any glyph
program (a static value)

and

2) what is the maximum number of instructions that may be executed by
any glyph program (a dynamic value)

maxp addresses #1

nothing addresses #2 but this is important because even with small glyph
programs it is
possible to construct a malicious program that will execute an
essentially unbounded
number of instructions. Think of this as a denial of service attack via
a font program since
a single glyph program could take years to execute without some bound.

Robust font interpreters will impose some limit (either in time or
instruction count) that
isn't part of the public spec.

Terry

On 6/19/2015 6:35 AM, 'Levantovsky, Vladimir'
vladimir.levantovsky at monotype.com [mpeg-OTspec] wrote:
>  
>
> Greg, all,
>
> ISO spec is just about to undergo another revision and the amendment
> will be opened by the end of next week. If you can submit a proposed
> 'maxp' change I can add this to other amended items and considering we
> have no objections to the proposed changes we can make them into the
> spec fairly quickly. Please send the proposed spec update to the
> mpeg-OTspec at yahoogroups.com list.
>
> Thank you,
> Vladimir
>
>
> -----Original Message-----
> From: listmaster at indx.co.uk [mailto:listmaster at indx.co.uk] On Behalf
> Of Cosimo Lupo
> Sent: Friday, June 19, 2015 5:11 AM
> To: listmaster at indx.co.uk
> Subject: RE: [OpenType] maxSizeOfInstructions
>
> Message from OpenType list:
>
>
> >****** Attachments to this email message have been removed ******
>
> Thanks for your reply.
>
> If that is the case, it'd be good to update the wording of the maxp
> spec to reflect this. At the moment for maxSizeOfInstructions the spec
> only says the "maximum byte count for glyph instructions”, with no
> reference to fpgm or prep instructions (unlike maxStackElements, which
> has a footnote).
>
>
>
>
> All best,
>
>
>
>
> Cosimo
>
> On Wed, Jun 17, 2015 at 7:32 PM, Greg Hitchcock <gregh at microsoft.com>
> wrote:
>
> > Message from OpenType list:
> > It should be a maximum of the glyph instructions, the pre-program,
> and font program. I believe the value was important in an earlier
> version of the original Apple TrueType scaler, but with some
> architectural changes it became unnecessary. The current Microsoft
> TrueType rasterizer does not use this value.
> > maxStackElements, on the other hand, is quite important and it
> should also reflect the value across the glyph, pre-program, and
> font-program.
> > GregH
> > -----Original Message-----
> > From: listmaster at indx.co.uk [mailto:listmaster at indx.co.uk] On Behalf
> > Of Cosimo Lupo
> > Sent: Monday, June 8, 2015 3:29 AM
> > To: listmaster at indx.co.uk
> > Subject: [OpenType] maxSizeOfInstructions Message from OpenType list:
> > Hello,
> > I've got a question about the maxp table's 'maxSizeOfInstructions'
> field.
> > The OpenType spec says the value is the "maximum byte cound for
> glyph instructions”.
> > Similarly, the TrueType Reference Manual says that only
> "instructions associated with a particular glyph" should be included
> in the computation..
> > However, both VTT and ttfautohint take into account the size of the
> fpgm and prep instructions, which are usually longer than indivudual
> glyph instructions, when they recalculate the maxSizeOfInstructions
> value.
> > When analysing such fonts using Microsoft FontValidator, the
> following warning is raised (W1900):
> >> maxp: The value doesn't match the calculated value The
> >> maxSizeOfInstructions value should be based on the largest set of
> instructions (in the glyf table) for a single simple or composite
> glyph. The maxStackElements value should similarly be based on the
> largest value for a single simple or composite glyph. The length and
> content of the fpgm and prep tables, used font-wide, are not relevent
> when specifying these values.
> > So I'm wondering what the correct value for maxSizeOfInstructions
> shoud be?
> > Is it the maximum size of per-glyph instructions as found in the
> glyf table only, or the maximum between those and the fpgm and prep
> instructions, like both VTT and ttfautohint seem to be doing?
> > And finally, how important is this maxp field and what could happen
> if it's not set correctly?
> > Thanks for you support,
> > All best,
> > --
> > Cosimo Lupo
> > List archive: http://www.indx.co.uk/biglistarchive/
> > subscribe: opentype-subscribe at indx.co.uk
> > unsubscribe: opentype-unsubscribe at indx.co.uk
> > messages: opentype-list at indx.co.uk
> > List archive: http://www.indx.co.uk/biglistarchive/
> > subscribe: opentype-subscribe at indx.co.uk
> > unsubscribe: opentype-unsubscribe at indx.co.uk
> > messages: opentype-list at indx.co.uk
>
>
> >****** Attachments to this email message have been removed ******
>
>
>
> List archive: http://www.indx.co.uk/biglistarchive/
>
> subscribe: opentype-subscribe at indx.co.uk
> unsubscribe: opentype-unsubscribe at indx.co.uk
> messages: opentype-list at indx.co.uk
>
>
> 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.aau.at/pipermail/mpeg-otspec/attachments/20150619/2e68d47b/attachment.html>

More information about the mpeg-otspec mailing list