Bug 1934606 - Avoid WOFF2-decoding failure for very large resources (e.g. BabelStoneHan). r=layout-reviewers,emilio

Differential Revision: https://phabricator.services.mozilla.com/D230795

gfx/ots/RLBoxWOFF2Host.cpp

@@ -128,6 +128,13 @@ static uint32_t ComputeWOFF2FinalSize(const uint8_t* aData, size_t aLength,
   std::memcpy(&decompressedSize, location, sizeof(decompressedSize));
   decompressedSize = ots_ntohl(decompressedSize);
 
+  // We bump the decompressedSize slightly because it seems that some fonts
+  // have an incorrectly-set value that results in decompression failure.
+  // (See https://bugzilla.mozilla.org/show_bug.cgi?id=1934606, and original
+  // discussion in https://github.com/harfbuzz/harfbuzz/issues/4962.)
+  decompressedSize =
+      std::max(decompressedSize, decompressedSize + (decompressedSize >> 4));
+
   if (!Woff2SizeValidator(aLength, decompressedSize, aLimit)) {
     return 0;
   }

modules/woff2/RLBoxWOFF2Sandbox.cpp

@@ -15,6 +15,7 @@ bool RLBoxConvertWOFF2ToTTF(const char* aData, unsigned long aLength,
   std::unique_ptr<std::string> buf =
       std::make_unique<std::string>(aDecompressedSize, 0);
   woff2::WOFF2StringOut out(buf.get());
+  out.SetMaxSize(std::max(aDecompressedSize, woff2::kDefaultMaxSize));
   if (!woff2::ConvertWOFF2ToTTF(reinterpret_cast<const uint8_t*>(aData),
                                 aLength, &out)) {
     return false;