<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">With respect to instructions, there are
two things that are important to consider:<br>
<br>
1) what is the maximum number of instructions (bytes) for any
glyph program (a static value)<br>
<br>
and<br>
<br>
2) what is the maximum number of instructions that may be executed
by any glyph program (a dynamic value)<br>
<br>
maxp addresses #1<br>
<br>
nothing addresses #2 but this is important because even with small
glyph programs it is<br>
possible to construct a malicious program that will execute an
essentially unbounded<br>
number of instructions. Think of this as a denial of service
attack via a font program since<br>
a single glyph program could take years to execute without some
bound.<br>
<br>
Robust font interpreters will impose some limit (either in time or
instruction count) that<br>
isn't part of the public spec.<br>
<br>
Terry<br>
<br>
On 6/19/2015 6:35 AM, 'Levantovsky, Vladimir'
<a class="moz-txt-link-abbreviated" href="mailto:vladimir.levantovsky@monotype.com">vladimir.levantovsky@monotype.com</a> [mpeg-OTspec] wrote:<br>
</div>
<blockquote
cite="mid:468d227b93f34d97a96b947bc432f0e6@wob-maildb-03.agfamonotype.org"
type="cite"> <span style="display:none"> </span>
<div id="ygrp-text">
<p>Greg, all,
<br>
<br>
ISO spec is just about to undergo another revision and the
amendment will be opened by the end of next week. If you
can submit a proposed 'maxp' change I can add this to
other amended items and considering we have no objections
to the proposed changes we can make them into the spec
fairly quickly. Please send the proposed spec update to
the <a class="moz-txt-link-abbreviated" href="mailto:mpeg-OTspec@yahoogroups.com">mpeg-OTspec@yahoogroups.com</a> list.
<br>
<br>
Thank you,
<br>
Vladimir
<br>
<br>
<br>
-----Original Message-----
<br>
From: <a class="moz-txt-link-abbreviated" href="mailto:listmaster@indx.co.uk">listmaster@indx.co.uk</a> [<a class="moz-txt-link-freetext" href="mailto:listmaster@indx.co.uk">mailto:listmaster@indx.co.uk</a>]
On Behalf Of Cosimo Lupo
<br>
Sent: Friday, June 19, 2015 5:11 AM
<br>
To: <a class="moz-txt-link-abbreviated" href="mailto:listmaster@indx.co.uk">listmaster@indx.co.uk</a>
<br>
Subject: RE: [OpenType] maxSizeOfInstructions
<br>
<br>
Message from OpenType list:
<br>
<br>
<br>
>****** Attachments to this email message have been
removed ******
<br>
<br>
Thanks for your reply.
<br>
<br>
If that is the case, it'd be good to update the wording of
the maxp spec to reflect this. At the moment for
maxSizeOfInstructions the spec only says the "maximum byte
count for glyph instructions”, with no reference to fpgm
or prep instructions (unlike maxStackElements, which has a
footnote).
<br>
<br>
<br>
<br>
<br>
All best,
<br>
<br>
<br>
<br>
<br>
Cosimo
<br>
<br>
On Wed, Jun 17, 2015 at 7:32 PM, Greg Hitchcock
<a class="moz-txt-link-rfc2396E" href="mailto:gregh@microsoft.com"><gregh@microsoft.com></a>
<br>
wrote:
<br>
<br>
> Message from OpenType list:
<br>
> It should be a maximum of the glyph instructions, the
pre-program, and font program. I believe the value was
important in an earlier version of the original Apple
TrueType scaler, but with some architectural changes it
became unnecessary. The current Microsoft TrueType
rasterizer does not use this value.
<br>
> maxStackElements, on the other hand, is quite
important and it should also reflect the value across the
glyph, pre-program, and font-program.
<br>
> GregH
<br>
> -----Original Message-----
<br>
> From: <a class="moz-txt-link-abbreviated" href="mailto:listmaster@indx.co.uk">listmaster@indx.co.uk</a>
[<a class="moz-txt-link-freetext" href="mailto:listmaster@indx.co.uk">mailto:listmaster@indx.co.uk</a>] On Behalf <br>
> Of Cosimo Lupo
<br>
> Sent: Monday, June 8, 2015 3:29 AM
<br>
> To: <a class="moz-txt-link-abbreviated" href="mailto:listmaster@indx.co.uk">listmaster@indx.co.uk</a>
<br>
> Subject: [OpenType] maxSizeOfInstructions Message
from OpenType list:
<br>
> Hello,
<br>
> I've got a question about the maxp table's
'maxSizeOfInstructions' field.
<br>
> The OpenType spec says the value is the "maximum byte
cound for glyph instructions”.
<br>
> Similarly, the TrueType Reference Manual says that
only "instructions associated with a particular glyph"
should be included in the computation..
<br>
> However, both VTT and ttfautohint take into account
the size of the fpgm and prep instructions, which are
usually longer than indivudual glyph instructions, when
they recalculate the maxSizeOfInstructions value.
<br>
> When analysing such fonts using Microsoft
FontValidator, the following warning is raised (W1900):
<br>
>> maxp: The value doesn't match the calculated
value The <br>
>> maxSizeOfInstructions value should be based on
the largest set of instructions (in the glyf table) for a
single simple or composite glyph. The maxStackElements
value should similarly be based on the largest value for a
single simple or composite glyph. The length and content
of the fpgm and prep tables, used font-wide, are not
relevent when specifying these values.
<br>
> So I'm wondering what the correct value for
maxSizeOfInstructions shoud be?
<br>
> Is it the maximum size of per-glyph instructions as
found in the glyf table only, or the maximum between those
and the fpgm and prep instructions, like both VTT and
ttfautohint seem to be doing?
<br>
> And finally, how important is this maxp field and
what could happen if it's not set correctly?
<br>
> Thanks for you support,
<br>
> All best,
<br>
> --
<br>
> Cosimo Lupo
<br>
> List archive: <a class="moz-txt-link-freetext" href="http://www.indx.co.uk/biglistarchive/">http://www.indx.co.uk/biglistarchive/</a>
<br>
> subscribe: <a class="moz-txt-link-abbreviated" href="mailto:opentype-subscribe@indx.co.uk">opentype-subscribe@indx.co.uk</a>
<br>
> unsubscribe: <a class="moz-txt-link-abbreviated" href="mailto:opentype-unsubscribe@indx.co.uk">opentype-unsubscribe@indx.co.uk</a>
<br>
> messages: <a class="moz-txt-link-abbreviated" href="mailto:opentype-list@indx.co.uk">opentype-list@indx.co.uk</a>
<br>
> List archive: <a class="moz-txt-link-freetext" href="http://www.indx.co.uk/biglistarchive/">http://www.indx.co.uk/biglistarchive/</a>
<br>
> subscribe: <a class="moz-txt-link-abbreviated" href="mailto:opentype-subscribe@indx.co.uk">opentype-subscribe@indx.co.uk</a>
<br>
> unsubscribe: <a class="moz-txt-link-abbreviated" href="mailto:opentype-unsubscribe@indx.co.uk">opentype-unsubscribe@indx.co.uk</a>
<br>
> messages: <a class="moz-txt-link-abbreviated" href="mailto:opentype-list@indx.co.uk">opentype-list@indx.co.uk</a>
<br>
<br>
<br>
>****** Attachments to this email message have been
removed ******
<br>
<br>
<br>
<br>
List archive: <a class="moz-txt-link-freetext" href="http://www.indx.co.uk/biglistarchive/">http://www.indx.co.uk/biglistarchive/</a>
<br>
<br>
subscribe: <a class="moz-txt-link-abbreviated" href="mailto:opentype-subscribe@indx.co.uk">opentype-subscribe@indx.co.uk</a>
<br>
unsubscribe: <a class="moz-txt-link-abbreviated" href="mailto:opentype-unsubscribe@indx.co.uk">opentype-unsubscribe@indx.co.uk</a>
<br>
messages: <a class="moz-txt-link-abbreviated" href="mailto:opentype-list@indx.co.uk">opentype-list@indx.co.uk</a>
<br>
<br>
<br>
</p>
</div>
<!-- end group email -->
</blockquote>
<br>
</body>
</html>