[HarfBuzz] OOB access possibility in old harfbuzz

Kenichi Ishibashi bashi at chromium.org
Wed Sep 7 21:48:33 PDT 2011


Hi Behdad,

Thank you so much for your prompt response :)


On Thu, Sep 8, 2011 at 1:43 PM, Behdad Esfahbod <behdad at behdad.org> wrote:

> Thanks Kenichi,
>
> The patch looks good.  Pushed to master.
>
> behdad
>
> On 09/08/11 00:11, Kenichi Ishibashi wrote:
> > Hi,
> >
> > We found that there is an opportunity of out-of-bound read access in old harfbuzz.
> >
> > src/harfbuzz-tibetan.c contains the tibetanForm table. It looks like the
> > table is supposed to be referenced in the character range U+0F40-U+0FC0, but
> > tibetan_nextSyllableBoundary() could refer to the table with characters
> > whose codepoint is out of the range (e.g. U+0F21). Since OOB access could
> > be a security issue, we'd like to fix the problem.
> >
> > Attached a workaround to avoid this problem. I'd appreciate it if you could
> > take a look at it.
> >
> > Thanks,
> >
> >
> >
>

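Added example (not part of the thread and not HarfBuzz's code): a codepoint-indexed table lookup that is guarded against the out-of-range case described above, next to the index an unguarded lookup would compute. The names, the table contents, the unsigned codepoint type and the inclusive U+0F40-U+0FC0 bounds are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Range the thread says the table is meant to cover (assumed inclusive). */
#define TIBETAN_FIRST 0x0F40u
#define TIBETAN_LAST  0x0FC0u
#define TIBETAN_COUNT (TIBETAN_LAST - TIBETAN_FIRST + 1u)  /* 129 entries */

/* Hypothetical class values, not HarfBuzz's enum. */
enum form_class { FORM_OTHER = 0, FORM_IN_RANGE = 1 };

/* Constructed stand-in table, one slot per codepoint in the range. */
static unsigned char form_table[TIBETAN_COUNT];

static void form_table_init(void)
{
    for (size_t i = 0; i < TIBETAN_COUNT; i++)
        form_table[i] = FORM_IN_RANGE;
}

/* Index an unguarded lookup would use: codepoint minus table base.
 * For an unsigned codepoint below the base the subtraction wraps around. */
static uint32_t unchecked_index(uint32_t cp)
{
    return cp - TIBETAN_FIRST;
}

/* Returns 1 when that index lies outside the table. */
static int index_is_oob(uint32_t cp)
{
    return unchecked_index(cp) >= TIBETAN_COUNT;
}

/* Guarded lookup: test both ends of the range before indexing and
 * fall back to a neutral class for everything else. */
static enum form_class checked_form(uint32_t cp)
{
    if (cp < TIBETAN_FIRST || cp > TIBETAN_LAST)
        return FORM_OTHER;
    return (enum form_class)form_table[cp - TIBETAN_FIRST];
}

int main(void)
{
    form_table_init();
    printf("U+0F21: unchecked index %lu, checked class %d\n",
           (unsigned long)unchecked_index(0x0F21u), (int)checked_form(0x0F21u));
    return 0;
}
```

With a signed codepoint type the same subtraction yields index -31 instead of a wrapped value; the two-sided range check covers both cases.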