| Index: third_party/harfbuzz-ng/src/hb-buffer.cc
|
| diff --git a/third_party/harfbuzz-ng/src/hb-buffer.cc b/third_party/harfbuzz-ng/src/hb-buffer.cc
|
| index 406db9c84fce18fb1b0b88a53e161bac7f9a8e53..3940a3dbf8ecd122f86c3fbb2472b21ecfea0afa 100644
|
| --- a/third_party/harfbuzz-ng/src/hb-buffer.cc
|
| +++ b/third_party/harfbuzz-ng/src/hb-buffer.cc
|
| @@ -52,7 +52,7 @@
|
| *
|
| * Checks the equality of two #hb_segment_properties_t's.
|
| *
|
| - * Return value: (transfer full):
|
| + * Return value:
|
| * %true if all properties of @a equal those of @b, false otherwise.
|
| *
|
| * Since: 0.9.7
|
| @@ -183,6 +183,12 @@ hb_buffer_t::shift_forward (unsigned int count)
|
| if (unlikely (!ensure (len + count))) return false;
|
|
|
| memmove (info + idx + count, info + idx, (len - idx) * sizeof (info[0]));
|
| + if (idx + count > len)
|
| + {
|
| + /* Under memory failure we might expose this area. At least
|
| + * clean it up. Oh well... */
|
| + memset (info + len, 0, (idx + count - len) * sizeof (info[0]));
|
| + }
|
| len += count;
|
| idx += count;
|
|
|
| @@ -426,6 +432,8 @@ hb_buffer_t::move_to (unsigned int i)
|
| /* Tricky part: rewinding... */
|
| unsigned int count = out_len - i;
|
|
|
| + /* This will blow in our face if memory allocation fails later
|
| + * in this same lookup... */
|
| if (unlikely (idx < count && !shift_forward (count + 32))) return false;
|
|
|
| assert (idx >= count);
|
|
|
Chromium Code Reviews
Issue 2163983005:
Roll HarfBuzz to 1.3.0 (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master