
Side by Side Diff: third_party/harfbuzz/chromium.patch

Issue 10024052: [Harfbuzz] Fix OOB read in tibetan_form() (Closed) Base URL: http://git.chromium.org/chromium/src.git@master
Patch Set: Created 8 years, 8 months ago
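--- a/third_party/harfbuzz/chromium.patch
+++ b/third_party/harfbuzz/chromium.patch
@@ -1,12 +1,12 @@
 diff --git a/contrib/harfbuzz-unicode.c b/contrib/harfbuzz-unicode.c
-index ce4f8e2..eeff2b9 100644
+index 72c5cf2..49e47b0 100644
 --- a/contrib/harfbuzz-unicode.c
 +++ b/contrib/harfbuzz-unicode.c
 @@ -120,7 +120,6 @@ hb_utf16_script_run_next(unsigned *num_code_points, HB_Scrip tItem *output,
 current_script = script;
 continue;
 } else if (script == HB_Script_Inherited) {
 - current_script = script;
 continue;
 } else {
 *iter = prev_iter;
@@ -27,36 +27,22 @@
 --- a/src/harfbuzz-arabic.c
 +++ b/src/harfbuzz-arabic.c
 @@ -1107,6 +1107,7 @@ HB_Bool HB_ArabicShape(HB_ShaperItem *item)
 assert(item->item.script == HB_Script_Arabic || item->item.script == HB_Scr ipt_Syriac
 || item->item.script == HB_Script_Nko);
 
 + item->shaperFlags |= HB_ShaperFlag_ForceMarksToZeroWidth;
 #ifndef NO_OPENTYPE
 
 if (HB_SelectScript(item, item->item.script == HB_Script_Arabic ? arabic_fe atures : syriac_features)) {
-diff --git a/src/harfbuzz-myanmar.c b/src/harfbuzz-myanmar.c
-index 4b68e64..f4d6d78 100644
---- a/src/harfbuzz-myanmar.c
-+++ b/src/harfbuzz-myanmar.c
-@@ -359,7 +359,8 @@ static HB_Bool myanmar_shape_syllable(HB_Bool openType, HB_S haperItem *item, HB_
-if (kinzi >= 0 && i > base && (cc & Mymr_CF_AFTER_KINZI)) {
-reordered[len] = Mymr_C_NGA;
-reordered[len+1] = Mymr_C_VIRAMA;
-- properties[len-1] = AboveForm;
-+ if (len > 0)
-+ properties[len-1] = AboveForm;
-properties[len] = AboveForm;
-len += 2;
-kinzi = -1;
 diff --git a/src/harfbuzz-shaper.cpp b/src/harfbuzz-shaper.cpp
-index ce4d4ac..5999e08 100644
+index 7d433ea..dd86a40 100644
 --- a/src/harfbuzz-shaper.cpp
 +++ b/src/harfbuzz-shaper.cpp
 @@ -430,8 +430,6 @@ void HB_HeuristicSetGlyphAttributes(HB_ShaperItem *item)
 
 // ### zeroWidth and justification are missing here!!!!!
 
 - assert(item->num_glyphs <= length);
 -
 // qDebug("QScriptEngine::heuristicSetGlyphAttributes, num_glyphs=%d", item ->num_glyphs);
 HB_GlyphAttributes *attributes = item->attributes;
@@ -127,10 +113,23 @@
 HB_ShaperFlag_NoKerning = 1,
 - HB_ShaperFlag_UseDesignMetrics = 2
 + HB_ShaperFlag_UseDesignMetrics = 1 << 1,
 + /* Arabic vowels in some fonts (Times New Roman, at least) have
 + non-zero advances, when they should be zero. Setting this shaper
 + flag causes us to zero out the advances for mark glyphs. */
 + HB_ShaperFlag_ForceMarksToZeroWidth = 1 << 2
 } HB_ShaperFlag;
 
 /*
+diff --git a/src/harfbuzz-tibetan.c b/src/harfbuzz-tibetan.c
+index 847ac52..6f9a55b 100644
+--- a/src/harfbuzz-tibetan.c
++++ b/src/harfbuzz-tibetan.c
+@@ -90,7 +90,7 @@ static const unsigned char tibetanForm[0x80] = {
+
+
+#define tibetan_form(c) \
+- ((c) >= 0x0f40 && (c) <= 0x0fc0 ? (TibetanForm)tibetanForm[(c) - 0x0f40] : TibetanOther)
++ ((c) >= 0x0f40 && (c) < 0x0fc0 ? (TibetanForm)tibetanForm[(c) - 0x0f40] : T ibetanOther)
+
+static const HB_OpenTypeFeature tibetan_features[] = {
+{ HB_MAKE_TAG('c', 'c', 'm', 'p'), CcmpProperty },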
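Review bot: The src/harfbuzz-myanmar.c section, which records the `if (len > 0)` guard in front of `properties[len-1] = AboveForm;`, appears only on the old side of this file, so the regenerated chromium.patch no longer documents that bounds check. If the tree still carries the guard, the patch record and the sources now disagree, and re-applying chromium.patch to a fresh upstream import would presumably bring back the out-of-bounds write when `len` is 0. The changed `index` hashes on the other sections suggest the file was regenerated against a different base, so the removal may be unintended; please confirm and restore the section if so. In the added tibetan section the new bound `(c) < 0x0fc0` matches the `tibetanForm[0x80]` table named in the hunk header, and a comment such as `/* tibetanForm[] covers 0x0f40..0x0fbf */` above the macro would keep that limit tied to the table size.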