[HarfBuzz] infinite loop in _hb_ot_shape_normalize() when var selector is present
Behdad Esfahbod
behdad at behdad.org
Mon Oct 17 11:37:44 PDT 2011
On 10/14/2011 01:38 AM, Jonathan Kew wrote:
> Hi Behdad,
>
> In the current hbng code, _hb_ot_shape_normalize() will hang if a variation selector is present, because decompose_multi_char_cluster gives up, does an early return, and fails to make any forward progress through the buffer.
Fixed. Thanks.
behdad
> Suggested fix:
>
> --- a/harfbuzz/src/hb-ot-shape-normalize.cc
> +++ b/harfbuzz/src/hb-ot-shape-normalize.cc
> @@ -134,18 +134,21 @@ decompose_single_char_cluster (hb_ot_sha
> }
>
> static void
> decompose_multi_char_cluster (hb_ot_shape_context_t *c,
> unsigned int end)
> {
> /* TODO Currently if there's a variation-selector we give-up, it's just too hard. */
> for (unsigned int i = c->buffer->idx; i < end; i++)
> - if (unlikely (is_variation_selector (c->buffer->info[i].codepoint)))
> + if (unlikely (is_variation_selector (c->buffer->info[i].codepoint))) {
> + while (c->buffer->idx < end)
> + c->buffer->next_glyph();
> return;
> + }
>
> while (c->buffer->idx < end)
> decompose_current_glyph (c, FALSE);
> }
>
> static int
> compare_combining_class (const hb_glyph_info_t *pa, const hb_glyph_info_t *pb)
> {
More information about the HarfBuzz
mailing list