[HarfBuzz] harfbuzz: Branch 'master'
Behdad Esfahbod
behdad at kemper.freedesktop.org
Thu Oct 18 05:35:02 UTC 2018
src/hb-aat-layout-common.hh | 4 ++++
src/hb-machinery.hh | 2 +-
2 files changed, 5 insertions(+), 1 deletion(-)
New commits:
commit 83780308b41b029513ac2568b6688d3eaad77338
Author: Behdad Esfahbod <behdad at behdad.org>
Date: Wed Oct 17 22:34:16 2018 -0700
[aat] Fix sanitize slowdown
Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=11034
diff --git a/src/hb-aat-layout-common.hh b/src/hb-aat-layout-common.hh
index 741e5020..69768e5e 100644
--- a/src/hb-aat-layout-common.hh
+++ b/src/hb-aat-layout-common.hh
@@ -422,6 +422,8 @@ struct StateTable
num_states,
num_classes * states[0].static_size)))
return_trace (false);
+ if ((c->max_ops -= num_states - state) < 0)
+ return_trace (false);
{ /* Sweep new states. */
const HBUINT16 *stop = &states[num_states * num_classes];
for (const HBUINT16 *p = &states[state * num_classes]; p < stop; p++)
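Review bot: The budget check added before "Sweep new states" subtracts `num_states - state` from the signed `c->max_ops`. Both operands are declared outside this hunk and look unsigned; if they are, the subtraction runs in unsigned arithmetic, so a large enough difference can wrap the counter back to a positive value instead of taking it below zero. Comparing before subtracting avoids the wrap: `if (unlikely (c->max_ops < 0 || num_states - state > (unsigned int) c->max_ops)) return_trace (false);` followed by `c->max_ops -= num_states - state;`. The `num_entries - entry` check in the second hunk has the same shape and needs the same treatment. The enclosing sanitize function starts and ends outside this hunk.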
@@ -431,6 +433,8 @@ struct StateTable
if (unlikely (!c->check_array (entries, num_entries)))
return_trace (false);
+ if ((c->max_ops -= num_entries - entry) < 0)
+ return_trace (false);
{ /* Sweep new entries. */
const Entry<Extra> *stop = &entries[num_entries];
for (const Entry<Extra> *p = &entries[entry]; p < stop; p++)
diff --git a/src/hb-machinery.hh b/src/hb-machinery.hh
index a6ff6e7b..3bdbb2eb 100644
--- a/src/hb-machinery.hh
+++ b/src/hb-machinery.hh
@@ -443,10 +443,10 @@ struct hb_sanitize_context_t :
mutable unsigned int debug_depth;
const char *start, *end;
+ mutable int max_ops;
private:
bool writable;
unsigned int edit_count;
- mutable int max_ops;
hb_blob_t *blob;
unsigned int num_glyphs;
bool num_glyphs_set;
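Review bot: Moving `max_ops` above the `private:` label lets any code holding the context adjust the work budget, even through a const reference, because the member is `mutable`. A later sanitize routine could then raise or reset the limit this commit relies on to bound sanitize time. Keeping the field private and adding one small const member that subtracts a count and reports whether budget remains would give StateTable what it needs without exposing the counter. If the field does stay public, it should carry a comment such as `/* Remaining sanitize work budget; callers fail once it goes negative. */`. The struct body starts and ends outside this hunk.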