[MPEG-OTSPEC] Proposal to deprecate derived search values

[Simon Cozens]

Peter's email about the Offset Table reminded me of something I've 
wanted to see changed.

Various parts of OFF - the Offset Table, cmap format 4 and the kern 
table - expect the user to supply easily computable transformations of 
other fields (searchRange, entrySelector and rangeShift), ostensibly to 
optimize the search algorithm. Because this data is derived from another 
field, it is redundant information from a storage perspective.

But the security-conscious programmer should immediately be thinking 
"What happens if the font file lies to the shaper about basic 
arithmetic?" It turns out that most engines, correctly IMO, ignore the 
content of these computer fields and only trust the non-derived fields 
(numTables). Uniscribe fails with an error in the presence of a 
malicious font file. Of course in order to validate whether the font has 
incorrect data, it has to derive the correct data in the first place, 
proving the data in the font file redundant.

I propose that these fields be deprecated for font consumers in the next 
OFF version, with a path to becoming marked "unused" for both font 
consumers and font producers in a specified future version.

S