Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(406)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: third_party/harfbuzz/chromium.patch

Issue 10024052: [Harfbuzz] Fix OOB read in tibetan_form() (Closed) Base URL: http://git.chromium.org/chromium/src.git@master
Patch Set: Created 8 years, 8 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « third_party/harfbuzz/README.chromium ('k') | third_party/harfbuzz/src/harfbuzz-tibetan.c » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: third_party/harfbuzz/chromium.patch
diff --git a/third_party/harfbuzz/chromium.patch b/third_party/harfbuzz/chromium.patch
index 57f392ea6a9fb920bc9db528738ca925c186e0a1..a2f44c800de375081be84f4eed09c286f9002310 100644
--- a/third_party/harfbuzz/chromium.patch
+++ b/third_party/harfbuzz/chromium.patch
@@ -1,5 +1,5 @@
diff --git a/contrib/harfbuzz-unicode.c b/contrib/harfbuzz-unicode.c
-index ce4f8e2..eeff2b9 100644
+index 72c5cf2..49e47b0 100644
--- a/contrib/harfbuzz-unicode.c
+++ b/contrib/harfbuzz-unicode.c
@@ -120,7 +120,6 @@ hb_utf16_script_run_next(unsigned *num_code_points, HB_ScriptItem *output,
@@ -34,22 +34,8 @@ index 3837087..ce2ca6c 100644
#ifndef NO_OPENTYPE
if (HB_SelectScript(item, item->item.script == HB_Script_Arabic ? arabic_features : syriac_features)) {
-diff --git a/src/harfbuzz-myanmar.c b/src/harfbuzz-myanmar.c
-index 4b68e64..f4d6d78 100644
---- a/src/harfbuzz-myanmar.c
-+++ b/src/harfbuzz-myanmar.c
-@@ -359,7 +359,8 @@ static HB_Bool myanmar_shape_syllable(HB_Bool openType, HB_ShaperItem *item, HB_
- if (kinzi >= 0 && i > base && (cc & Mymr_CF_AFTER_KINZI)) {
- reordered[len] = Mymr_C_NGA;
- reordered[len+1] = Mymr_C_VIRAMA;
-- properties[len-1] = AboveForm;
-+ if (len > 0)
-+ properties[len-1] = AboveForm;
- properties[len] = AboveForm;
- len += 2;
- kinzi = -1;
diff --git a/src/harfbuzz-shaper.cpp b/src/harfbuzz-shaper.cpp
-index ce4d4ac..5999e08 100644
+index 7d433ea..dd86a40 100644
--- a/src/harfbuzz-shaper.cpp
+++ b/src/harfbuzz-shaper.cpp
@@ -430,8 +430,6 @@ void HB_HeuristicSetGlyphAttributes(HB_ShaperItem *item)
@@ -134,3 +120,16 @@ index ab5c07a..72c9aa3 100644
} HB_ShaperFlag;
/*
+diff --git a/src/harfbuzz-tibetan.c b/src/harfbuzz-tibetan.c
+index 847ac52..6f9a55b 100644
+--- a/src/harfbuzz-tibetan.c
++++ b/src/harfbuzz-tibetan.c
+@@ -90,7 +90,7 @@ static const unsigned char tibetanForm[0x80] = {
+
+
+ #define tibetan_form(c) \
+- ((c) >= 0x0f40 && (c) <= 0x0fc0 ? (TibetanForm)tibetanForm[(c) - 0x0f40] : TibetanOther)
++ ((c) >= 0x0f40 && (c) < 0x0fc0 ? (TibetanForm)tibetanForm[(c) - 0x0f40] : TibetanOther)
+
+ static const HB_OpenTypeFeature tibetan_features[] = {
+ { HB_MAKE_TAG('c', 'c', 'm', 'p'), CcmpProperty },
« no previous file with comments | « third_party/harfbuzz/README.chromium ('k') | third_party/harfbuzz/src/harfbuzz-tibetan.c » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698