src/hb-aat-layout-kerx-table.hh                                                
    |    2 
 src/hb-ot-shape.cc                                                             
    |   26 +++++-----
 src/hb-ot-shape.hh                                                             
    |   15 +++--
 src/hb-shape-plan.cc                                                           
    |   25 +++++----
 
test/fuzzing/fonts/clusterfuzz-testcase-minimized-hb-shape-fuzzer-5691469793329152
 |binary
 5 files changed, 36 insertions(+), 32 deletions(-)

New commits:
commit a549aa14a0b60436a16f7f8924a5b5f82b4d5b7e
Author: Behdad Esfahbod <[email protected]>
Date:   Mon Nov 12 13:01:22 2018 -0500

    [kerx] Protect against stack underflow
    
    Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=11367

diff --git a/src/hb-aat-layout-kerx-table.hh b/src/hb-aat-layout-kerx-table.hh
index 6b61186a..4e6c6e40 100644
--- a/src/hb-aat-layout-kerx-table.hh
+++ b/src/hb-aat-layout-kerx-table.hh
@@ -260,7 +260,7 @@ struct KerxSubTableFormat1
          depth = 0; /* Probably not what CoreText does, but better? */
       }
 
-      if (Format1EntryT::performAction (entry))
+      if (depth && Format1EntryT::performAction (entry))
       {
        unsigned int tuple_count = MAX (1u, table->header.tuple_count ());
 
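Review bot: The added `depth &&` guard on the `performAction` condition only rules out an empty stack, and nothing next to it says why the action is skipped in that case. A short comment above the condition would keep the check from being dropped in a later cleanup, for example `/* An action with nothing pushed would pop below the bottom of the stack; ignore it. */`. The code that consumes the stack is outside the hunk, so confirm there that the pop loop is bounded by `depth` and not by a count taken from the font such as `tuple_count`; if it is the latter, a non-zero but too-small `depth` could presumably still underflow. The enclosing function in KerxSubTableFormat1 starts and ends outside the hunk.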
diff --git 
a/test/fuzzing/fonts/clusterfuzz-testcase-minimized-hb-shape-fuzzer-5691469793329152
 
b/test/fuzzing/fonts/clusterfuzz-testcase-minimized-hb-shape-fuzzer-5691469793329152
new file mode 100644
index 00000000..6c739000
Binary files /dev/null and 
b/test/fuzzing/fonts/clusterfuzz-testcase-minimized-hb-shape-fuzzer-5691469793329152
 differ
commit 3e284e02c2a5da758526360a45364a330b8ab8e9
Author: Behdad Esfahbod <[email protected]>
Date:   Sun Nov 11 22:51:34 2018 -0500

    [shape-plan] Minor

diff --git a/src/hb-ot-shape.cc b/src/hb-ot-shape.cc
index 44cf3907..2500bcb8 100644
--- a/src/hb-ot-shape.cc
+++ b/src/hb-ot-shape.cc
@@ -68,11 +68,12 @@ _hb_apply_morx (hb_face_t *face)
         hb_aat_layout_has_substitution (face);
 }
 
-hb_ot_shape_planner_t::hb_ot_shape_planner_t (const hb_shape_plan_t 
*master_plan) :
-                                               face (master_plan->face_unsafe),
-                                               props (master_plan->props),
-                                               map (face, &props),
-                                               aat_map (face, &props),
+hb_ot_shape_planner_t::hb_ot_shape_planner_t (hb_face_t                     
*face,
+                                             const hb_segment_properties_t 
*props) :
+                                               face (face),
+                                               props (*props),
+                                               map (face, props),
+                                               aat_map (face, props),
                                                apply_morx (_hb_apply_morx 
(face)),
                                                shaper (apply_morx ?
                                                        
&_hb_ot_complex_shaper_default :
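Review bot: The constructor parameters `face` and `props` now share their names with the members they initialise, so `props (*props)` copies from the parameter while `map (face, props)` and `aat_map (face, props)` pass the caller's pointer where the old code passed `&props`, the address of the planner's own copy. That is legal but easy to misread, and it changes which object the builders are given; if either builder keeps the pointer instead of copying the struct (not visible here), the planner now depends on the caller's `props` outliving it. Renaming the parameters, e.g. `hb_face_t *face_, const hb_segment_properties_t *props_`, or adding a comment such as `/* props belongs to the caller; the builders must copy it */` would make the intent explicit. The initialiser list continues outside the hunk.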
@@ -148,18 +149,19 @@ hb_ot_shape_planner_t::compile (hb_ot_shape_plan_t &plan,
 }
 
 bool
-hb_ot_shape_plan_t::init0 (hb_shape_plan_t    *shape_plan,
-                          const hb_feature_t *user_features,
-                          unsigned int        num_user_features,
-                          const int          *coords,
-                          unsigned int        num_coords)
+hb_ot_shape_plan_t::init0 (hb_face_t                     *face,
+                          const hb_segment_properties_t *props,
+                          const hb_feature_t            *user_features,
+                          unsigned int                   num_user_features,
+                          const int                     *coords,
+                          unsigned int                   num_coords)
 {
   map.init ();
   aat_map.init ();
 
-  hb_ot_shape_planner_t planner (shape_plan);
+  hb_ot_shape_planner_t planner (face, props);
 
-  hb_ot_shape_collect_features (&planner, &shape_plan->props,
+  hb_ot_shape_collect_features (&planner, props,
                                user_features, num_user_features);
 
   planner.compile (*this, coords, num_coords);
diff --git a/src/hb-ot-shape.hh b/src/hb-ot-shape.hh
index 049830a6..9753752a 100644
--- a/src/hb-ot-shape.hh
+++ b/src/hb-ot-shape.hh
@@ -73,12 +73,12 @@ struct hb_ot_shape_plan_t
   inline void substitute (hb_font_t *font, hb_buffer_t *buffer) const { 
map.substitute (this, font, buffer); }
   inline void position (hb_font_t *font, hb_buffer_t *buffer) const { 
map.position (this, font, buffer); }
 
-  HB_INTERNAL bool init0 (hb_shape_plan_t    *shape_plan,
-                         const hb_feature_t *user_features,
-                         unsigned int        num_user_features,
-                         const int          *coords,
-                         unsigned int        num_coords);
-
+  HB_INTERNAL bool init0 (hb_face_t                     *face,
+                         const hb_segment_properties_t *props,
+                         const hb_feature_t            *user_features,
+                         unsigned int                   num_user_features,
+                         const int                     *coords,
+                         unsigned int                   num_coords);
   HB_INTERNAL void fini (void);
 };
 
@@ -94,7 +94,8 @@ struct hb_ot_shape_planner_t
   bool apply_morx : 1;
   const struct hb_ot_complex_shaper_t *shaper;
 
-  HB_INTERNAL hb_ot_shape_planner_t (const hb_shape_plan_t *master_plan);
+  HB_INTERNAL hb_ot_shape_planner_t (hb_face_t                     *face,
+                                    const hb_segment_properties_t *props);
 
   HB_INTERNAL void compile (hb_ot_shape_plan_t &plan,
                            const int          *coords,
diff --git a/src/hb-shape-plan.cc b/src/hb-shape-plan.cc
index 534d2896..0d51165f 100644
--- a/src/hb-shape-plan.cc
+++ b/src/hb-shape-plan.cc
@@ -178,7 +178,8 @@ hb_shape_plan_create2 (hb_face_t                     *face,
                               coords, num_coords,
                               shaper_list);
 
-  if (unlikely (!shape_plan->ot.init0 (shape_plan,
+  if (unlikely (!shape_plan->ot.init0 (face,
+                                      props,
                                       user_features,
                                       num_user_features,
                                       coords,
commit 420c9de6447cdb491184e7f8caf0811b0c962c05
Author: Behdad Esfahbod <[email protected]>
Date:   Sun Nov 11 22:38:05 2018 -0500

    [shape-plan] Minor rename

diff --git a/src/hb-shape-plan.cc b/src/hb-shape-plan.cc
index 2a2e0e39..534d2896 100644
--- a/src/hb-shape-plan.cc
+++ b/src/hb-shape-plan.cc
@@ -45,12 +45,12 @@
 
 
 static void
-hb_shape_plan_plan (hb_shape_plan_t    *shape_plan,
-                   const hb_feature_t *user_features,
-                   unsigned int        num_user_features,
-                   const int          *coords,
-                   unsigned int        num_coords,
-                   const char * const *shaper_list)
+hb_shape_plan_choose_shaper (hb_shape_plan_t    *shape_plan,
+                            const hb_feature_t *user_features,
+                            unsigned int        num_user_features,
+                            const int          *coords,
+                            unsigned int        num_coords,
+                            const char * const *shaper_list)
 {
   DEBUG_MSG_FUNC (SHAPE_PLAN, shape_plan,
                  "num_features=%d num_coords=%d shaper_list=%p",
@@ -173,10 +173,10 @@ hb_shape_plan_create2 (hb_face_t                     
*face,
   if (num_coords)
     memcpy (coords, orig_coords, num_coords * sizeof (int));
 
-  hb_shape_plan_plan (shape_plan,
-                     user_features, num_user_features,
-                     coords, num_coords,
-                     shaper_list);
+  hb_shape_plan_choose_shaper (shape_plan,
+                              user_features, num_user_features,
+                              coords, num_coords,
+                              shaper_list);
 
   if (unlikely (!shape_plan->ot.init0 (shape_plan,
                                       user_features,
@@ -487,7 +487,7 @@ hb_shape_plan_create_cached2 (hb_face_t                     
*face,
   };
 
   if (shaper_list) {
-    /* Choose shaper.  Adapted from hb_shape_plan_plan().
+    /* Choose shaper.  Adapted from hb_shape_plan_choose_shaper().
      * Must choose shaper exactly the same way as that function. */
     for (const char * const *shaper_item = shaper_list; *shaper_item; 
shaper_item++)
       if (false)