<html>
  <head>
    <meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
  </head>
  <body text="#000000" bgcolor="#FFFFFF">
    <div class="moz-cite-prefix">Off-topic - but is anything happening
      about my recent report (regarding the introduction of strtof() in
      hb-common.cc):-<br>
      <br>
      <a class="moz-txt-link-freetext"
href="https://lists.freedesktop.org/archives/harfbuzz/2017-February/005885.html">https://lists.freedesktop.org/archives/harfbuzz/2017-February/005885.html</a><br>
      <br>
      I can fix it locally if this can't get fixed upstream for some
      reason?<br>
      <br>
      John<br>
      <br>
      On 17/02/2017 03:07, Behdad Esfahbod wrote:<br>
    </div>
    <blockquote
      cite="mid:20170217030722.38A79762C3@kemper.freedesktop.org"
      type="cite">
      <pre wrap=""> src/hb-ot-layout-gsubgpos-private.hh                                    |    6 +++---
 src/hb-ot-shape-complex-indic-table.cc                                  |    7 +++++++
 test/shaping/fonts/sha1sum/3493e92eaded2661cadde752a39f9d58b11f0326.ttf |binary
 test/shaping/fonts/sha1sum/558661aa659912f4d30ecd27bd09835171a8e2b0.ttf |binary
 test/shaping/tests/fuzzed.tests                                         |    1 +
 test/shaping/tests/indic-script-extensions.tests                        |    1 +
 6 files changed, 12 insertions(+), 3 deletions(-)

New commits:
commit 44f7d6ecde9bf7427a05cbe73ed5d668b8a72b2a
Author: jfkthame <a class="moz-txt-link-rfc2396E" href="mailto:jfkthame@gmail.com"><jfkthame@gmail.com></a>
Date:   Fri Feb 17 03:03:24 2017 +0000

    Guard against underflow when adjusting length (#421)
    
    * Guard against underflow when adjusting length
    
    With the fuzz-testcase in mozilla bug 1295299, we end up with a recursed lookup that removes 3 items, when `match_positions[idx]` is 0, which results in (unsigned) `end` wrapping to a huge value.
    
    Making `end` a signed int is probably the simplest route to a fix.
    
    Fixes <a class="moz-txt-link-freetext" href="https://bugzilla.mozilla.org/show_bug.cgi?id=1295299">https://bugzilla.mozilla.org/show_bug.cgi?id=1295299</a>.
    
    * Add testcase for #421.

diff --git a/src/hb-ot-layout-gsubgpos-private.hh b/src/hb-ot-layout-gsubgpos-private.hh
index b7a0122..0c42352 100644
--- a/src/hb-ot-layout-gsubgpos-private.hh
+++ b/src/hb-ot-layout-gsubgpos-private.hh
@@ -959,7 +959,7 @@ static inline bool apply_lookup (hb_apply_context_t *c,
   TRACE_APPLY (NULL);
 
   hb_buffer_t *buffer = c->buffer;
-  unsigned int end;
+  int end;
 
   /* All positions are distance from beginning of *output* buffer.
    * Adjust. */
@@ -998,8 +998,8 @@ static inline bool apply_lookup (hb_apply_context_t *c,
 
     /* Recursed lookup changed buffer len.  Adjust. */
 
-    end = int (end) + delta;
-    if (end <= match_positions[idx])
+    end += delta;
+    if (end <= int (match_positions[idx]))
     {
       /* End might end up being smaller than match_positions[idx] if the recursed
        * lookup ended up removing many items, more than we have had matched.
diff --git a/test/shaping/fonts/sha1sum/558661aa659912f4d30ecd27bd09835171a8e2b0.ttf b/test/shaping/fonts/sha1sum/558661aa659912f4d30ecd27bd09835171a8e2b0.ttf
new file mode 100644
index 0000000..5d72fdf
Binary files /dev/null and b/test/shaping/fonts/sha1sum/558661aa659912f4d30ecd27bd09835171a8e2b0.ttf differ
diff --git a/test/shaping/tests/fuzzed.tests b/test/shaping/tests/fuzzed.tests
index 771ac2b..d9bace3 100644
--- a/test/shaping/tests/fuzzed.tests
+++ b/test/shaping/tests/fuzzed.tests
@@ -10,3 +10,4 @@ fonts/sha1sum/3511ff5c1647150595846ac414c595cccac34f18.ttf:--font-funcs=ot:U+004
 fonts/sha1sum/fab39d60d758cb586db5a504f218442cd1395725.ttf:--font-funcs=ot:U+0041,U+0041:[gid0=0+1000|gid0=1+1000]
 fonts/sha1sum/205edd09bd3d141cc9580f650109556cc28b22cb.ttf:--font-funcs=ot:U+0041:[gid0=0+1000]
 fonts/sha1sum/217a934cfe15c548b572c203dceb2befdf026462.ttf:--font-funcs=ot:U+0061,U+0061,U+0061:[]
+fonts/sha1sum/558661aa659912f4d30ecd27bd09835171a8e2b0.ttf:--font-funcs=ot:U+FFFD,U+E0100,U+FFFD,U+E0010:[]
commit 45766b673f427bb791c9d5886cadedfac0447066
Author: jfkthame <a class="moz-txt-link-rfc2396E" href="mailto:jfkthame@gmail.com"><jfkthame@gmail.com></a>
Date:   Thu Feb 16 17:40:21 2017 +0000

    [indic] Add support for Grantha marks that may be used in Tamil to th… (#401)
    
    * [indic] Add support for Grantha marks that may be used in Tamil to the Indic table.
    
    See <a class="moz-txt-link-freetext" href="https://bugzilla.mozilla.org/show_bug.cgi?id=1331339">https://bugzilla.mozilla.org/show_bug.cgi?id=1331339</a>.
    
    Testcase: U+0BA4,U+0BC6,U+1133c,U+0BAA,U+1133c,U+0BC6,U+1133c
    
    * [indic] Add test for Grantha nukta that is allowed in Tamil by ScriptExtensions.txt

diff --git a/src/hb-ot-shape-complex-indic-table.cc b/src/hb-ot-shape-complex-indic-table.cc
index 80a6b25..e10a4d2 100644
--- a/src/hb-ot-shape-complex-indic-table.cc
+++ b/src/hb-ot-shape-complex-indic-table.cc
@@ -422,6 +422,13 @@ hb_indic_get_categories (hb_codepoint_t u)
       if (hb_in_range (u, 0xAA60u, 0xAA7Fu)) return indic_table[u - 0xAA60u + indic_offset_0xaa60u];
       break;
 
+    case 0x11u:
+      // According to ScriptExtensions.txt, these Grantha marks may also be used in Tamil,
+      // so the Indic shaper needs to know their categories.
+      if (unlikely (u == 0x11303)) return _(Vs,R);
+      if (unlikely (u == 0x1133c)) return _(N,B);
+      break;
+
     default:
       break;
   }
diff --git a/test/shaping/fonts/sha1sum/3493e92eaded2661cadde752a39f9d58b11f0326.ttf b/test/shaping/fonts/sha1sum/3493e92eaded2661cadde752a39f9d58b11f0326.ttf
new file mode 100644
index 0000000..006adb6
Binary files /dev/null and b/test/shaping/fonts/sha1sum/3493e92eaded2661cadde752a39f9d58b11f0326.ttf differ
diff --git a/test/shaping/tests/indic-script-extensions.tests b/test/shaping/tests/indic-script-extensions.tests
new file mode 100644
index 0000000..52b6aa0
--- /dev/null
+++ b/test/shaping/tests/indic-script-extensions.tests
@@ -0,0 +1 @@
+fonts/sha1sum/3493e92eaded2661cadde752a39f9d58b11f0326.ttf::U+0BA4,U+0BC6,U+D804,U+DF3C,U+0BAA,U+D804,U+DF3C,U+0BC6,U+D804,U+DF3C:[u0BC6=0+2093|u1133C=0+0|u0BA4=0+1863|u0BC6=3+2093|u1133C=3+0|u0BAA=3+1706|u1133C=3+0]
</pre>
      <br>
      <fieldset class="mimeAttachmentHeader"></fieldset>
      <br>
      <pre wrap="">_______________________________________________
HarfBuzz mailing list
<a class="moz-txt-link-abbreviated" href="mailto:HarfBuzz@lists.freedesktop.org">HarfBuzz@lists.freedesktop.org</a>
<a class="moz-txt-link-freetext" href="https://lists.freedesktop.org/mailman/listinfo/harfbuzz">https://lists.freedesktop.org/mailman/listinfo/harfbuzz</a>
</pre>
    </blockquote>
    <br>
  </body>
</html>