[HarfBuzz] harfbuzz: Branch 'master' - 2 commits

Thu Oct 15 08:56:51 PDT 2015

src/hb-ot-font.cc                                                       |    2 +-
 test/shaping/fonts/sha1sum/375d6ae32a3cbe52fbf81a4e5777e3377675d5a3.ttf |binary
 test/shaping/fonts/sha1sum/641bd9db850193064d17575053ae2bf8ec149ddc.ttf |binary
 test/shaping/fonts/sha1sum/MANIFEST                                     |    2 ++
 test/shaping/tests/fuzzed.tests                                         |    2 ++
 5 files changed, 5 insertions(+), 1 deletion(-)

New commits:
commit 338ffec9e4a5819f2be21c3a320a567378c977b1
Author: Behdad Esfahbod <behdad at behdad.org>
Date:   Thu Oct 15 12:55:57 2015 -0300

    Add tests for a couple of fixed issues found by libFuzzer
    
    From:
    https://github.com/behdad/harfbuzz/issues/139#issuecomment-147616887
    https://github.com/behdad/harfbuzz/issues/139#issuecomment-148289957

diff --git a/test/shaping/fonts/sha1sum/375d6ae32a3cbe52fbf81a4e5777e3377675d5a3.ttf b/test/shaping/fonts/sha1sum/375d6ae32a3cbe52fbf81a4e5777e3377675d5a3.ttf
new file mode 100644
index 0000000..b284c98
Binary files /dev/null and b/test/shaping/fonts/sha1sum/375d6ae32a3cbe52fbf81a4e5777e3377675d5a3.ttf differ
diff --git a/test/shaping/fonts/sha1sum/641bd9db850193064d17575053ae2bf8ec149ddc.ttf b/test/shaping/fonts/sha1sum/641bd9db850193064d17575053ae2bf8ec149ddc.ttf
new file mode 100644
index 0000000..66cefd4
Binary files /dev/null and b/test/shaping/fonts/sha1sum/641bd9db850193064d17575053ae2bf8ec149ddc.ttf differ
diff --git a/test/shaping/fonts/sha1sum/MANIFEST b/test/shaping/fonts/sha1sum/MANIFEST
index 0d33229..902fa00 100644
--- a/test/shaping/fonts/sha1sum/MANIFEST
+++ b/test/shaping/fonts/sha1sum/MANIFEST
@@ -6,11 +6,13 @@
 270b89df543a7e48e206a2d830c0e10e5265c630.ttf
 298c9e1d955f10f6f72c6915c3c6ff9bf9695cec.ttf
 37033cc5cf37bb223d7355153016b6ccece93b28.ttf
+375d6ae32a3cbe52fbf81a4e5777e3377675d5a3.ttf
 43ef465752be9af900745f72fe29cb853a1401a5.ttf
 4cce528e99f600ed9c25a2b69e32eb94a03b4ae8.ttf
 5028afb650b1bb718ed2131e872fbcce57828fff.ttf
 57a9d9f83020155cbb1d2be1f43d82388cbecc88.ttf
 5a5daf5eb5a4db77a2baa3ad9c7a6ed6e0655fa8.ttf
+641bd9db850193064d17575053ae2bf8ec149ddc.ttf
 6466d38c62e73a39202435a4f73bf5d6acbb73c0.ttf
 757ebd573617a24aa9dfbf0b885c54875c6fe06b.ttf
 7e14e7883ed152baa158b80e207b66114c823a8b.ttf
diff --git a/test/shaping/tests/fuzzed.tests b/test/shaping/tests/fuzzed.tests
index 9f77155..5f64ccc 100644
--- a/test/shaping/tests/fuzzed.tests
+++ b/test/shaping/tests/fuzzed.tests
@@ -1,3 +1,5 @@
 fonts/sha1sum/1a6f1687b7a221f9f2c834b0b360d3c8463b6daf.ttf::U+0041:[gid0=0+1000]
 fonts/sha1sum/5a5daf5eb5a4db77a2baa3ad9c7a6ed6e0655fa8.ttf::U+0041:[gid0=0+1000]
 fonts/sha1sum/0509e80afb379d16560e9e47bdd7d888bebdebc6.ttf::U+0041:[gid0=0+1000]
+fonts/sha1sum/641bd9db850193064d17575053ae2bf8ec149ddc.ttf::U+0041:[gid0=0+1000]
+fonts/sha1sum/375d6ae32a3cbe52fbf81a4e5777e3377675d5a3.ttf::U+0041:[gid0=0+2048]
commit 63ef0b41dc48d6112d1918c1b1de9de8ea90adb5
Author: Behdad Esfahbod <behdad at behdad.org>
Date:   Thu Oct 15 12:47:22 2015 -0300

    [ot-font] Fix hmtx wrong table length check
    
    Discovered by libFuzzer.  Ouch!
    
    https://github.com/behdad/harfbuzz/issues/139#issuecomment-148289957

diff --git a/src/hb-ot-font.cc b/src/hb-ot-font.cc
index 3102784..69d2503 100644
--- a/src/hb-ot-font.cc
+++ b/src/hb-ot-font.cc
@@ -59,7 +59,7 @@ struct hb_ot_face_metrics_accelerator_t
 
     this->blob = OT::Sanitizer<OT::_mtx>::sanitize (face->reference_table (_mtx_tag));
     if (unlikely (!this->num_advances ||
-		  2 * (this->num_advances + this->num_metrics) < hb_blob_get_length (this->blob)))
+		  2 * (this->num_advances + this->num_metrics) > hb_blob_get_length (this->blob)))
     {
       this->num_metrics = this->num_advances = 0;
       hb_blob_destroy (this->blob);
