[HarfBuzz] potential crash in sanitizer code

Jonathan Kew jonathan at jfkew.plus.com
Tue Jul 20 07:16:05 PDT 2010

Hi Behdad,

We've run across a case where the sanitizer crashes (division by zero) on invalid data. This happens if *none* of the possible fields are actually specified as present in ValueFormat, so that the record_size passed to check_array() is zero.

Suggested patch attached. This allows a record_size of zero; although the ValueRecord is pointless if it has no content, the table still seems to be structurally valid AFAICT.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: bug-580233-hb-sanitize.patch
Type: application/octet-stream
Size: 1090 bytes
Desc: not available
URL: <http://lists.freedesktop.org/archives/harfbuzz/attachments/20100720/8c2a27f1/attachment.obj>
-------------- next part --------------

More information about the HarfBuzz mailing list