From 3e79254ae73ba4e5f951967b42d38b0aa1460af8 Mon Sep 17 00:00:00 2001
From: Werner Lemberg <wl@gnu.org>
Date: Sat, 18 Mar 2017 10:06:15 +0100
Subject: [PATCH] * src/truetype/ttinterp.c (TT_RunIns): Adjust loop counter
 (#50573).

The problematic font that exceeds the old limit is Lato-Regular,
version 2.007, containing bytecode generated by a buggy version of
ttfautohint.
---
 ChangeLog               | 8 ++++++++
 src/truetype/ttinterp.c | 2 +-
 2 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/ChangeLog b/ChangeLog
index a0ec37bbc..ea14f23c7 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,11 @@
+2017-03-18  Werner Lemberg  <wl@gnu.org>
+
+	* src/truetype/ttinterp.c (TT_RunIns): Adjust loop counter (#50573).
+
+	The problematic font that exceeds the old limit is Lato-Regular,
+	version 2.007, containing bytecode generated by a buggy version of
+	ttfautohint.
+
 2017-03-18  Werner Lemberg  <wl@gnu.org>
 
 	[truetype] Another limitation for bytecode loop count maximum.
diff --git a/src/truetype/ttinterp.c b/src/truetype/ttinterp.c
index f4f89b0e7..000c30b23 100644
--- a/src/truetype/ttinterp.c
+++ b/src/truetype/ttinterp.c
@@ -7626,7 +7626,7 @@
                                           exc->cvtSize / 10 );
     else
       exc->loopcall_counter_max = FT_MAX( 100,
-                                          5 * exc->cvtSize );
+                                          10 * exc->cvtSize );
 
     /* as a protection against an unreasonable number of CVT entries  */
     /* we assume at most 100 control values per glyph for the counter */