[HarfBuzz] OOB access possibility in old harfbuzz

Kenichi Ishibashi bashi at chromium.org
Wed Sep 7 21:11:04 PDT 2011


Hi,

We found that there is a possibility of out-of-bounds read access in old
harfbuzz.

src/harfbuzz-tibetan.c contains the tibetanForm table. It looks like the table is
supposed to be referenced in the character range U+0F40-U+0FC0, but
tibetan_nextSyllableBoundary() could refer to the table with characters whose
codepoint is out of that range (e.g. U+0F21). Since OOB access could be a
security issue, we'd like to fix the problem.

Attached is a workaround to avoid this problem. I'd appreciate it if you could
take a look at it.

Thanks,
-------------- next part --------------
A non-text attachment was scrubbed...
Name: tibetan.diff
Type: application/octet-stream
Size: 496 bytes
Desc: not available
URL: <http://lists.freedesktop.org/archives/harfbuzz/attachments/20110908/54b32a89/attachment.obj>
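The lookup the report describes, as an added example: this is not harfbuzz's code and not the attached tibetan.diff. It models a form table that only covers U+0F40..U+0FC0, shows the index the unchecked subtraction produces for a character below the range (U+0F21, a Tibetan digit), and puts a bounds-checked lookup beside it inside a simplified syllable scan. The table contents, the enum names, the `tib_` function names and the syllable rule are assumptions made for illustration.

```c
/* Added example, not harfbuzz code: models the table lookup described in the
 * report and a bounds-checked replacement. Table contents, names and the
 * syllable rule are assumptions made for illustration. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

typedef uint16_t hb_uchar16_t;      /* 16-bit code unit (assumed) */

typedef enum { TIB_OTHER = 0, TIB_CONSONANT, TIB_VOWEL, TIB_SUBJOINED } tib_form_t;

#define TIB_TABLE_FIRST 0x0F40u     /* range the table is meant to cover */
#define TIB_TABLE_LAST  0x0FC0u
#define TIB_TABLE_LEN   (TIB_TABLE_LAST - TIB_TABLE_FIRST + 1)

/* Constructed stand-in for the table: classifies U+0F40..U+0FC0 only. */
static tib_form_t tibetan_form_table[TIB_TABLE_LEN];
static int tib_table_ready = 0;

static void tib_build_table(void)
{
    for (size_t i = 0; i < TIB_TABLE_LEN; i++) {
        unsigned cp = TIB_TABLE_FIRST + (unsigned)i;
        if (cp <= 0x0F6A)                      tibetan_form_table[i] = TIB_CONSONANT;
        else if (cp >= 0x0F71 && cp <= 0x0F7E) tibetan_form_table[i] = TIB_VOWEL;
        else if (cp >= 0x0F90 && cp <= 0x0FBC) tibetan_form_table[i] = TIB_SUBJOINED;
        else                                   tibetan_form_table[i] = TIB_OTHER;
    }
    tib_table_ready = 1;
}

/* The index an unchecked "table[ch - first]" lookup would compute. Nothing is
 * dereferenced here: for U+0F21 the unsigned subtraction wraps and the index
 * lands far beyond the table's 129 entries, which is the read the report warns about. */
size_t tib_unchecked_index(hb_uchar16_t ch)
{
    return (size_t)(ch - TIB_TABLE_FIRST);
}

/* Hardened lookup: anything outside the covered range is classified as
 * "other" without touching the table. */
tib_form_t tib_form_checked(hb_uchar16_t ch)
{
    if (!tib_table_ready)
        tib_build_table();
    if (ch < TIB_TABLE_FIRST || ch > TIB_TABLE_LAST)
        return TIB_OTHER;
    return tibetan_form_table[ch - TIB_TABLE_FIRST];
}

/* Simplified syllable scan (assumed rule): a syllable is one consonant followed
 * by any run of vowel signs or subjoined letters. Returns the index of the first
 * code unit after the syllable that starts at `start`; a unit that cannot start
 * a syllable is consumed on its own. */
size_t tib_next_syllable_boundary(const hb_uchar16_t *s, size_t start, size_t end)
{
    size_t pos = start;
    if (pos >= end)
        return end;
    if (tib_form_checked(s[pos]) != TIB_CONSONANT)
        return pos + 1;
    for (pos++; pos < end; pos++) {
        tib_form_t f = tib_form_checked(s[pos]);
        if (f != TIB_VOWEL && f != TIB_SUBJOINED)
            break;
    }
    return pos;
}

int main(void)
{
    /* Constructed input: KA, vowel sign I, digit one (U+0F21, below the table), KA */
    const hb_uchar16_t text[] = { 0x0F40, 0x0F72, 0x0F21, 0x0F40 };
    size_t n = sizeof text / sizeof text[0];

    printf("unchecked index for U+0F21: %zu (table length %u)\n",
           tib_unchecked_index(0x0F21), (unsigned)TIB_TABLE_LEN);
    for (size_t i = 0; i < n;) {
        size_t b = tib_next_syllable_boundary(text, i, n);
        printf("syllable [%zu,%zu)\n", i, b);
        i = b;
    }
    return 0;
}
```

The check is on the code unit, not the computed index: once `ch - TIB_TABLE_FIRST` has wrapped there is nothing left to compare against, so the range test has to happen before the subtraction. The same applies at the top end, where U+0FC1 and above would step past the last entry without any wrap at all.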