[HarfBuzz] OOB access possibility in old harfbuzz
Behdad Esfahbod
behdad at behdad.org
Wed Sep 7 21:43:43 PDT 2011
Thanks Kenichi,
The patch looks good. Pushed to master.
behdad
On 09/08/11 00:11, Kenichi Ishibashi wrote:
> Hi,
>
> We found that there is an opportunity of out-of-bound read access in old harfbuzz.
>
> src/harfbuzz-tibetan.c contains tibetanForm table. It looks the table is
> supposed to be referenced in the character range U+0F40-U+0FC0, but
> tibetan_nextSyllableBoundary() could refer the table with characters whose
> codepoint is out of the range (e.g. U+0F21). Since OOB access could be a
> security issue, we'd like to fix the problem.
>
> Attached a workaround to avoid this problem. I'd appreciate if you could take
> a look at it.
>
> Thanks,
>
>
>
> _______________________________________________
> HarfBuzz mailing list
> HarfBuzz at lists.freedesktop.org
> http://lists.freedesktop.org/mailman/listinfo/harfbuzz
More information about the HarfBuzz
mailing list