[HarfBuzz] 'head' table issue
Behdad Esfahbod
behdad at behdad.org
Fri Oct 1 16:10:16 PDT 2010
I pushed a fix for the overflow issue. I'll handle the caching part separately.
behdad
On 08/16/10 10:30, Jonathan Kew wrote:
> Hi Behdad,
>
> I think there's an issue with how the 'head' table is handled in harfbuzz-ng at the moment.
>
> hb_face_create_for_tables() loads the 'head' table and calls Sanitizer<head>::sanitize() on it. However, if sanitize() fails, the table gets replaced by the empty blob, which means that face->head_table does not point to a valid 'head' structure, and in particular, when GPOS code tries to use the unitsPerEm value to scale coordinates, it is accessing "random" memory.
>
> So it seems to me that hb_face_create_for_tables() needs to check that the 'head' table was successfully loaded, *and* has a usable (non-zero, at least) unitsPerEm value. But as that's the only field we care about, we could let hb_face_create_for_tables() store the unitsPerEm value directly into the face (checking that it is within the valid range), and then release the table; there's no need to hold on to the blob after initial creation of the face.
>
> Suggested patch attached.
>
> JK
>
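
The check proposed in the quoted message, sketched as an added example; it is not part of the original thread, not the attached patch, and not HarfBuzz's own code. The function names and the fallback value of 1000 are assumptions made for this example; the field offsets and the 16 to 16384 range come from the OpenType 'head' table layout.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define HEAD_TABLE_SIZE 54u          /* fixed size of the OpenType 'head' table */
#define HEAD_MAGIC      0x5F0F3CF5u  /* magicNumber field at offset 12 */
#define UPEM_MIN        16u          /* valid unitsPerEm range per the OpenType spec */
#define UPEM_MAX        16384u
#define UPEM_FALLBACK   1000u        /* assumption: default chosen for this example */

static uint32_t be16(const uint8_t *p) { return ((uint32_t)p[0] << 8) | p[1]; }
static uint32_t be32(const uint8_t *p) { return (be16(p) << 16) | be16(p + 2); }

/* Hypothetical helper: returns a unitsPerEm that is always safe to scale by.
 * *ok is set to 1 only when the value came from a well-formed table, so the
 * caller can store the number in the face and release the blob afterwards. */
unsigned read_units_per_em(const uint8_t *head, size_t len, int *ok)
{
    *ok = 0;
    if (head == NULL || len < HEAD_TABLE_SIZE)  /* e.g. empty blob after a failed sanitize */
        return UPEM_FALLBACK;
    if (be32(head + 12) != HEAD_MAGIC)          /* not a 'head' table at all */
        return UPEM_FALLBACK;
    unsigned upem = be16(head + 18);            /* unitsPerEm field at offset 18 */
    if (upem < UPEM_MIN || upem > UPEM_MAX)     /* rejects zero and out-of-range values */
        return UPEM_FALLBACK;
    *ok = 1;
    return upem;
}

/* Constructed sample input: 54 bytes with only magicNumber and unitsPerEm set. */
void make_sample_head(uint8_t out[HEAD_TABLE_SIZE], unsigned upem)
{
    for (size_t i = 0; i < HEAD_TABLE_SIZE; i++) out[i] = 0;
    out[12] = 0x5F; out[13] = 0x0F; out[14] = 0x3C; out[15] = 0xF5;
    out[18] = (uint8_t)(upem >> 8); out[19] = (uint8_t)upem;
}

int main(void)
{
    uint8_t head[HEAD_TABLE_SIZE];
    int ok;
    make_sample_head(head, 2048);
    printf("valid table: %u (ok=%d)\n", read_units_per_em(head, sizeof head, &ok), ok);
    printf("empty blob:  %u (ok=%d)\n", read_units_per_em(NULL, 0, &ok), ok);
    make_sample_head(head, 0);
    printf("zero upem:   %u (ok=%d)\n", read_units_per_em(head, sizeof head, &ok), ok);
    return 0;
}
```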