Give up sanitizing after 100 edit requests

Such fonts are *definitely* really broken.  Give up.
Limits time spent in sanitize for extremely / deliberately broken
fonts.  For example, two fonts with these md5sum / names:

  9343f0a1b8c84b8123e7d201cae62ffd.ttf
  eb8c978547f09d368fc204194fb34688.ttf

were spending over a second in sanitize!  Not anymore.

diff --git a/src/hb-open-type-private.hh b/src/hb-open-type-private.hh
index 090f3fc..b337ab7 100644 (file)
--- a/src/hb-open-type-private.hh
+++ b/src/hb-open-type-private.hh
@@ -171,6 +171,10 @@ ASSERT_STATIC (Type::min_size + 1 <= sizeof (_Null##Type))
        (&c->debug_depth, c->get_name (), this, HB_FUNC, \
         "");
 
+/* This limits sanitizing time on really broken fonts. */
+#ifndef HB_SANITIZE_MAX_EDITS
+#define HB_SANITIZE_MAX_EDITS 100
+#endif
 
 struct hb_sanitize_context_t
 {
@@ -247,6 +251,9 @@ struct hb_sanitize_context_t
 
   inline bool may_edit (const void *base HB_UNUSED, unsigned int len HB_UNUSED)
   {
+    if (this->edit_count >= HB_SANITIZE_MAX_EDITS)
+      return false;
+
     const char *p = (const char *) base;
     this->edit_count++;