<div dir="auto">I think it can be helpful to be more precise about which versions we are talking about. 1.x.x. or 2.x :)</div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Sun, Aug 30, 2020, 6:27 PM Renzhi Li <<a href="mailto:Renzhi.Li@microsoft.com">Renzhi.Li@microsoft.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr">
<div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)">
I suspect some Apple code, as well as code in embedded systems, are still relying on such fields because legacy code never dies.</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)">
A good recommendation should be that, a font <i>reader</i> should ignore these fields, and a font
<i>writer</i> should always provide proper values in case this font is put into legacy systems.</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)">
<br>
</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)">
RL</div>
<div id="m_-8422668598250027010appendonsend"></div>
<hr style="display:inline-block;width:98%">
<div id="m_-8422668598250027010divRplyFwdMsg" dir="ltr"><font face="Calibri, sans-serif" style="font-size:11pt" color="#000000"><b>From:</b> mpeg-otspec <<a href="mailto:mpeg-otspec-bounces@lists.aau.at" target="_blank" rel="noreferrer">mpeg-otspec-bounces@lists.aau.at</a>> on behalf of Simon Cozens <<a href="mailto:simon@simon-cozens.org" target="_blank" rel="noreferrer">simon@simon-cozens.org</a>><br>
<b>Sent:</b> Sunday, August 30, 2020 01:18<br>
<b>To:</b> <a href="mailto:mpeg-otspec@lists.aau.at" target="_blank" rel="noreferrer">mpeg-otspec@lists.aau.at</a> <<a href="mailto:mpeg-otspec@lists.aau.at" target="_blank" rel="noreferrer">mpeg-otspec@lists.aau.at</a>><br>
<b>Subject:</b> [EXTERNAL] [MPEG-OTSPEC] Proposal to deprecate derived search values</font>
<div> </div>
</div>
<div><font size="2"><span style="font-size:11pt">
<div>Peter's email about the Offset Table reminded me of something I've
<br>
wanted to see changed.<br>
<br>
Various parts of OFF - the Offset Table, cmap format 4 and the kern <br>
table - expect the user to supply easily computable transformations of <br>
other fields (searchRange, entrySelector and rangeShift), ostensibly to <br>
optimize the search algorithm. Because this data is derived from another <br>
field, it is redundant information from a storage perspective.<br>
<br>
But the security-conscious programmer should immediately be thinking <br>
"What happens if the font file lies to the shaper about basic <br>
arithmetic?" It turns out that most engines, correctly IMO, ignore the <br>
content of these computer fields and only trust the non-derived fields <br>
(numTables). Uniscribe fails with an error in the presence of a <br>
malicious font file. Of course in order to validate whether the font has <br>
incorrect data, it has to derive the correct data in the first place, <br>
proving the data in the font file redundant.<br>
<br>
I propose that these fields be deprecated for font consumers in the next <br>
OFF version, with a path to becoming marked "unused" for both font <br>
consumers and font producers in a specified future version.<br>
<br>
S<br>
_______________________________________________<br>
mpeg-otspec mailing list<br>
<a href="mailto:mpeg-otspec@lists.aau.at" target="_blank" rel="noreferrer">mpeg-otspec@lists.aau.at</a><br>
<a href="https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.aau.at%2Fmailman%2Flistinfo%2Fmpeg-otspec&data=02%7C01%7Crenzhi.li%40microsoft.com%7Ccbf0377e04ea48f0ae0008d84cbd5516%7C72f988bf86f141af91ab2d7cd011db47%7C0%7C0%7C637343723346615282&sdata=R3atDIm4ABe8cnihRkS5ZUeH6HHWJ4XF8bAK8zr2%2FWs%3D&reserved=0" target="_blank" rel="noreferrer">https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.aau.at%2Fmailman%2Flistinfo%2Fmpeg-otspec&data=02%7C01%7Crenzhi.li%40microsoft.com%7Ccbf0377e04ea48f0ae0008d84cbd5516%7C72f988bf86f141af91ab2d7cd011db47%7C0%7C0%7C637343723346615282&sdata=R3atDIm4ABe8cnihRkS5ZUeH6HHWJ4XF8bAK8zr2%2FWs%3D&reserved=0</a><br>
</div>
</span></font></div>
</div>
_______________________________________________<br>
mpeg-otspec mailing list<br>
<a href="mailto:mpeg-otspec@lists.aau.at" target="_blank" rel="noreferrer">mpeg-otspec@lists.aau.at</a><br>
<a href="https://lists.aau.at/mailman/listinfo/mpeg-otspec" rel="noreferrer noreferrer" target="_blank">https://lists.aau.at/mailman/listinfo/mpeg-otspec</a><br>
</blockquote></div>