authorbashi@chromium.org <bashi@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2012-04-11 02:19:10 +0000
committerbashi@chromium.org <bashi@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2012-04-11 02:19:10 +0000
commit94e715503fa84149250d01f31cbc64a683b9cd55 (patch)
tree60b33703f06a4aa569e0d2ed67ab48ba124dbbb9 /third_party/harfbuzz
parent0e3f30727adf5ca0a76ddae8c7bc53eaecdb2380 (diff)
[Harfbuzz] Fix OOB read in tibetan_form()
|c| should be smaller than 0x0fc0. BUG=chromium:122586 TEST=manual Review URL: http://codereview.chromium.org/10024052 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@131694 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'third_party/harfbuzz')
-rw-r--r--third_party/harfbuzz/README.chromium2
-rw-r--r--third_party/harfbuzz/chromium.patch31
-rw-r--r--third_party/harfbuzz/src/harfbuzz-tibetan.c2
3 files changed, 17 insertions, 18 deletions
diff --git a/third_party/harfbuzz/README.chromium b/third_party/harfbuzz/README.chromium
index c536a1e..14bdb34 100644
--- a/third_party/harfbuzz/README.chromium
+++ b/third_party/harfbuzz/README.chromium
@@ -9,7 +9,7 @@ Security Critical: yes
Description:
"Harfbuzz is an OpenType text shaping engine."
Read http://behdad.org/text/ if you dare learn more.
-This code was taken from d10a264823e81631336bab37f08a52cc243d3654
+This code was taken from 90138e5a4d15c44f05456f90083ecacdc3196c8e
(git://anongit.freedesktop.org/harfbuzz)
The patch in chromium.patch was applied on top of this; I will talk with
diff --git a/third_party/harfbuzz/chromium.patch b/third_party/harfbuzz/chromium.patch
index 57f392e..a2f44c8 100644
--- a/third_party/harfbuzz/chromium.patch
+++ b/third_party/harfbuzz/chromium.patch
@@ -1,5 +1,5 @@
diff --git a/contrib/harfbuzz-unicode.c b/contrib/harfbuzz-unicode.c
-index ce4f8e2..eeff2b9 100644
+index 72c5cf2..49e47b0 100644
--- a/contrib/harfbuzz-unicode.c
+++ b/contrib/harfbuzz-unicode.c
@@ -120,7 +120,6 @@ hb_utf16_script_run_next(unsigned *num_code_points, HB_ScriptItem *output,
@@ -34,22 +34,8 @@ index 3837087..ce2ca6c 100644
#ifndef NO_OPENTYPE
if (HB_SelectScript(item, item->item.script == HB_Script_Arabic ? arabic_features : syriac_features)) {
-diff --git a/src/harfbuzz-myanmar.c b/src/harfbuzz-myanmar.c
-index 4b68e64..f4d6d78 100644
---- a/src/harfbuzz-myanmar.c
-+++ b/src/harfbuzz-myanmar.c
-@@ -359,7 +359,8 @@ static HB_Bool myanmar_shape_syllable(HB_Bool openType, HB_ShaperItem *item, HB_
- if (kinzi >= 0 && i > base && (cc & Mymr_CF_AFTER_KINZI)) {
- reordered[len] = Mymr_C_NGA;
- reordered[len+1] = Mymr_C_VIRAMA;
-- properties[len-1] = AboveForm;
-+ if (len > 0)
-+ properties[len-1] = AboveForm;
- properties[len] = AboveForm;
- len += 2;
- kinzi = -1;
diff --git a/src/harfbuzz-shaper.cpp b/src/harfbuzz-shaper.cpp
-index ce4d4ac..5999e08 100644
+index 7d433ea..dd86a40 100644
--- a/src/harfbuzz-shaper.cpp
+++ b/src/harfbuzz-shaper.cpp
@@ -430,8 +430,6 @@ void HB_HeuristicSetGlyphAttributes(HB_ShaperItem *item)
@@ -134,3 +120,16 @@ index ab5c07a..72c9aa3 100644
} HB_ShaperFlag;
/*
+diff --git a/src/harfbuzz-tibetan.c b/src/harfbuzz-tibetan.c
+index 847ac52..6f9a55b 100644
+--- a/src/harfbuzz-tibetan.c
++++ b/src/harfbuzz-tibetan.c
+@@ -90,7 +90,7 @@ static const unsigned char tibetanForm[0x80] = {
+
+
+ #define tibetan_form(c) \
+- ((c) >= 0x0f40 && (c) <= 0x0fc0 ? (TibetanForm)tibetanForm[(c) - 0x0f40] : TibetanOther)
++ ((c) >= 0x0f40 && (c) < 0x0fc0 ? (TibetanForm)tibetanForm[(c) - 0x0f40] : TibetanOther)
+
+ static const HB_OpenTypeFeature tibetan_features[] = {
+ { HB_MAKE_TAG('c', 'c', 'm', 'p'), CcmpProperty },
diff --git a/third_party/harfbuzz/src/harfbuzz-tibetan.c b/third_party/harfbuzz/src/harfbuzz-tibetan.c
index 847ac52..6f9a55b 100644
--- a/third_party/harfbuzz/src/harfbuzz-tibetan.c
+++ b/third_party/harfbuzz/src/harfbuzz-tibetan.c
@@ -90,7 +90,7 @@ static const unsigned char tibetanForm[0x80] = {
#define tibetan_form(c) \
- ((c) >= 0x0f40 && (c) <= 0x0fc0 ? (TibetanForm)tibetanForm[(c) - 0x0f40] : TibetanOther)
+ ((c) >= 0x0f40 && (c) < 0x0fc0 ? (TibetanForm)tibetanForm[(c) - 0x0f40] : TibetanOther)
static const HB_OpenTypeFeature tibetan_features[] = {
{ HB_MAKE_TAG('c', 'c', 'm', 'p'), CcmpProperty },
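Review bot: The upper bound in `tibetan_form` is still the literal `0x0fc0`, which matches `tibetanForm[0x80]` only by arithmetic (0x0f40 + 0x80), so a later change to the table size or base could silently reintroduce the out-of-bounds read this commit fixes. Deriving the limit from the table keeps the two in step: `((c) >= 0x0f40 && (unsigned)((c) - 0x0f40) < sizeof(tibetanForm) ? (TibetanForm)tibetanForm[(c) - 0x0f40] : TibetanOther)`. The macro also expands `c` up to three times, so a `static` helper function would be safer if any caller passes an expression with side effects; the callers are outside this hunk. The copy of this macro recorded in chromium.patch would need the identical change, and since the commit is marked TEST=manual, a shaping test that feeds U+0FC0 would pin the boundary.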