diff options
| author | mattm@chromium.org <mattm@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2009-10-15 02:22:46 +0000 |
|---|---|---|
| committer | mattm@chromium.org <mattm@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2009-10-15 02:22:46 +0000 |
| commit | f7f237cf58c1e7575f784d7f0aa829cb51fbb9f4 (patch) | |
| tree | 51d13f1541996dfb5ab5e4c606d6f62d03a7d5e0 /third_party/harfbuzz | |
| parent | 1f6536a58eced16d5a434d0f134047e78633c84c (diff) | |
| download | chromium_src-f7f237cf58c1e7575f784d7f0aa829cb51fbb9f4.zip chromium_src-f7f237cf58c1e7575f784d7f0aa829cb51fbb9f4.tar.gz chromium_src-f7f237cf58c1e7575f784d7f0aa829cb51fbb9f4.tar.bz2 | |
Fix harfbuzz read past end of string on arabic text.
BUG=23450
TEST=valgrind_webkit_tests.sh LayoutTests/fast/text/drawBidiText.html
Review URL: http://codereview.chromium.org/271098
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@29080 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'third_party/harfbuzz')
| -rw-r--r-- | third_party/harfbuzz/README.google | 19 | ||||
| -rw-r--r-- | third_party/harfbuzz/src/harfbuzz-arabic.c | 4 |
2 files changed, 19 insertions, 4 deletions
diff --git a/third_party/harfbuzz/README.google b/third_party/harfbuzz/README.google index 34fbfeb..b958bde 100644 --- a/third_party/harfbuzz/README.google +++ b/third_party/harfbuzz/README.google @@ -5,7 +5,8 @@ http://freedesktop.org/wiki/Software/HarfBuzz This code was taken from cb83c38045a7dd098f8edd4530d328e999a7bbaf (git://anongit.freedesktop.org/harfbuzz) -The contrib/ directory was written by us and is in the process of getting upstreamed. Additionally, this patch was applied: +The contrib/ directory was written by us and is in the process of getting upstreamed. Additionally, these patches were applied: + diff --git a/src/harfbuzz-shaper.h b/src/harfbuzz-shaper.h index e8f5513..1577b59 100644 @@ -30,3 +31,19 @@ index e8f5513..1577b59 100644 +}; HB_Bool HB_ShapeItem(HB_ShaperItem *item); + + +http://bugs.freedesktop.org/show_bug.cgi?id=24540: +diff --git a/third_party/harfbuzz/src/harfbuzz-arabic.c b/third_party/harfbuzz/src/harfbuzz-arabic.c +index 0609232..de3c1f4 100644 +--- a/third_party/harfbuzz/src/harfbuzz-arabic.c ++++ b/third_party/harfbuzz/src/harfbuzz-arabic.c +@@ -1009,7 +1009,7 @@ static HB_Bool arabicSyriacOpenTypeShape(HB_ShaperItem *item, HB_Bool *ot_ok) + ++l; + ++properties; + } +- if (f + l < item->stringLength) { ++ if (f + l + item->item.pos < item->stringLength) { + ++l; + } + getArabicProperties(uc+f, l, props); diff --git a/third_party/harfbuzz/src/harfbuzz-arabic.c b/third_party/harfbuzz/src/harfbuzz-arabic.c index 0609232..de3c1f4 100644 --- a/third_party/harfbuzz/src/harfbuzz-arabic.c +++ b/third_party/harfbuzz/src/harfbuzz-arabic.c @@ -1009,7 +1009,7 @@ static HB_Bool arabicSyriacOpenTypeShape(HB_ShaperItem *item, HB_Bool *ot_ok) ++l; ++properties; } - if (f + l < item->stringLength) { + if (f + l + item->item.pos < item->stringLength) { ++l; } getArabicProperties(uc+f, l, props); @@ -1086,5 +1086,3 @@ HB_Bool HB_ArabicShape(HB_ShaperItem *item) HB_HeuristicPosition(item); return TRUE; } - - |