File harfbuzz-limit-buffer-max-size-growth.patch of Package harfbuzz
From 4301703bddb63a01651a0d58474bb15ac0ebbcf6 Mon Sep 17 00:00:00 2001 From: Behdad Esfahbod <behdad@behdad.org> Date: Thu, 5 Nov 2015 23:44:59 -0800 Subject: [PATCH] Limit buffer max size growth https://github.com/behdad/harfbuzz/issues/161 Backported by Mike Gorse <mgorse@suse.com> --- diff -ur harfbuzz-1.0.3.orig/src/hb-buffer.cc harfbuzz-1.0.3/src/hb-buffer.cc --- harfbuzz-1.0.3.orig/src/hb-buffer.cc 2015-09-01 10:59:29.785158338 -0500 +++ harfbuzz-1.0.3/src/hb-buffer.cc 2016-08-08 20:13:10.770617254 -0500 @@ -92,6 +92,12 @@ if (unlikely (in_error)) return false; + if (unlikely (size > max_len)) + { + in_error = true; + return false; + } + unsigned int new_allocated = allocated; hb_glyph_position_t *new_pos = NULL; hb_glyph_info_t *new_info = NULL; @@ -714,6 +720,8 @@ if (!(buffer = hb_object_create<hb_buffer_t> ())) return hb_buffer_get_empty (); + buffer->max_len = HB_BUFFER_MAX_LEN_DEFAULT; + buffer->reset (); return buffer; @@ -739,6 +747,8 @@ HB_BUFFER_CLUSTER_LEVEL_DEFAULT, HB_BUFFER_REPLACEMENT_CODEPOINT_DEFAULT, + HB_BUFFER_MAX_LEN_DEFAULT, + HB_BUFFER_CONTENT_TYPE_INVALID, HB_SEGMENT_PROPERTIES_DEFAULT, true, /* in_error */ diff -ur harfbuzz-1.0.3.orig/src/hb-buffer-private.hh harfbuzz-1.0.3/src/hb-buffer-private.hh --- harfbuzz-1.0.3.orig/src/hb-buffer-private.hh 2015-09-01 10:59:29.785158338 -0500 +++ harfbuzz-1.0.3/src/hb-buffer-private.hh 2016-08-08 20:13:10.770617254 -0500 @@ -34,6 +34,15 @@ #include "hb-object-private.hh" #include "hb-unicode-private.hh" +#ifndef HB_BUFFER_MAX_EXPANSION_FACTOR +#define HB_BUFFER_MAX_EXPANSION_FACTOR 32 +#endif +#ifndef HB_BUFFER_MAX_LEN_MIN +#define HB_BUFFER_MAX_LEN_MIN 8192 +#endif +#ifndef HB_BUFFER_MAX_LEN_DEFAULT_ +#define HB_BUFFER_MAX_LEN_DEFAULT 0x3FFFFFFF /* Shaping more than a billion chars? Let us know! */ +#endif ASSERT_STATIC (sizeof (hb_glyph_info_t) == 20); ASSERT_STATIC (sizeof (hb_glyph_info_t) == sizeof (hb_glyph_position_t)); 
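Review bot: The added `size > max_len` guard in the `@@ -92` hunk of hb-buffer.cc has no comment explaining why it latches `in_error`. That matters because the `in_error` test just above it makes every later call fail as well. A short comment would help, for example `/* Refuse to grow past max_len; the failure is sticky via in_error. */`. The function's signature and its callers are outside the hunk, so it is not visible here whether the check also covers buffers already allocated beyond `max_len` or only new growth requests.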
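Review bot: In the `@@ -34` hunk of hb-buffer-private.hh, the third guard tests `HB_BUFFER_MAX_LEN_DEFAULT_` (trailing underscore) but defines `HB_BUFFER_MAX_LEN_DEFAULT`, so it never matches a build-time override of the real name. A build that passes its own `HB_BUFFER_MAX_LEN_DEFAULT` would get a macro redefinition instead of its chosen limit. The two macros above it have matching guards. The guard should read `#ifndef HB_BUFFER_MAX_LEN_DEFAULT`.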
@@ -53,6 +62,8 @@ hb_buffer_cluster_level_t cluster_level; hb_codepoint_t replacement; /* U+FFFD or something else. */ + unsigned int max_len; /* Maximum allowed len. */ + /* Buffer contents */ hb_buffer_content_type_t content_type; hb_segment_properties_t props; /* Script, language, direction */ diff -ur harfbuzz-1.0.3.orig/src/hb-ot-shape.cc harfbuzz-1.0.3/src/hb-ot-shape.cc --- harfbuzz-1.0.3.orig/src/hb-ot-shape.cc 2015-09-01 10:59:29.789158287 -0500 +++ harfbuzz-1.0.3/src/hb-ot-shape.cc 2016-08-08 20:13:33.462617668 -0500 @@ -779,6 +779,12 @@ { c->buffer->deallocate_var_all (); + if (likely (!_hb_unsigned_int_mul_overflows (c->buffer->len, HB_BUFFER_MAX_EXPANSION_FACTOR))) + { + c->buffer->max_len = MAX (c->buffer->len * HB_BUFFER_MAX_EXPANSION_FACTOR, + (unsigned) HB_BUFFER_MAX_LEN_MIN); + } + /* Save the original direction, we use it later. */ c->target_direction = c->buffer->props.direction; @@ -801,6 +807,7 @@ c->buffer->props.direction = c->target_direction; + c->buffer->max_len = HB_BUFFER_MAX_LEN_DEFAULT; c->buffer->deallocate_var_all (); }
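Review bot: In the `@@ -779` hunk of hb-ot-shape.cc, when `_hb_unsigned_int_mul_overflows` reports an overflow the block is skipped and `max_len` keeps its previous value, so the per-call cap is silently not applied for the largest inputs. If that fallback is intended, a comment should say so, e.g. `/* On overflow keep the existing max_len. */`. This hunk and the `@@ -801` hunk also overwrite `max_len` unconditionally, the latter with `HB_BUFFER_MAX_LEN_DEFAULT`, so any other value stored in the field before shaping would not survive the call. Saving the field in a local here and restoring that local at the end would avoid this. The enclosing code continues outside both hunks, so it is not visible whether every exit path reaches the reset.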