[HarfBuzz] infinite loop in _hb_ot_shape_normalize() when var selector is present
Jonathan Kew
jonathan at jfkew.plus.com
Fri Oct 14 01:38:19 PDT 2011
Hi Behdad,
In the current hbng code, _hb_ot_shape_normalize() will hang if a variation selector is present, because decompose_multi_char_cluster gives up, does an early return, and fails to make any forward progress through the buffer.
Suggested fix:
--- a/harfbuzz/src/hb-ot-shape-normalize.cc
+++ b/harfbuzz/src/hb-ot-shape-normalize.cc
@@ -134,18 +134,21 @@ decompose_single_char_cluster (hb_ot_sha
}
static void
decompose_multi_char_cluster (hb_ot_shape_context_t *c,
unsigned int end)
{
/* TODO Currently if there's a variation-selector we give-up, it's just too hard. */
for (unsigned int i = c->buffer->idx; i < end; i++)
- if (unlikely (is_variation_selector (c->buffer->info[i].codepoint)))
+ if (unlikely (is_variation_selector (c->buffer->info[i].codepoint))) {
+ while (c->buffer->idx < end)
+ c->buffer->next_glyph();
return;
+ }
while (c->buffer->idx < end)
decompose_current_glyph (c, FALSE);
}
static int
compare_combining_class (const hb_glyph_info_t *pa, const hb_glyph_info_t *pb)
{
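Review bot: the TODO comment at the top of decompose_multi_char_cluster still only says "we give-up", while the variation-selector branch now also advances c->buffer->idx to end by calling next_glyph() for every remaining glyph. Please update the comment to say that the cluster is passed through undecomposed and that this is what guarantees forward progress through the buffer, since the hang described in the message came from returning without moving idx. On style, the for loop has no braces but its if body is now a multi-line block containing its own while loop, so bracing the for as well would make the nesting easier to read. A regression test with a variation selector inside a multi-character cluster would keep this path from hanging again.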