projects / platform / upstream / harfbuzz.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: e6340fb) | patch
[Tizen] [GPOS] Avoid O(n^2) behavior in mark-attachment 81/294481/1 accepted/tizen_6.5_unified tizen_6.5 accepted/tizen/6.5/unified/20230622.095624
authorBehdad Esfahbod <behdad@behdad.org>
Mon, 6 Feb 2023 21:51:25 +0000 (14:51 -0700)
committerBowon Ryu <bowon.ryu@samsung.com>
Tue, 20 Jun 2023 05:12:35 +0000 (14:12 +0900)
commit6aafe3e54f611bc28eb2eab9de9386a4d46d3d0f
treede8c13993e77de126c81af42b2a939ec5c73b70ftree | snapshot
parente6340fb871e5c683d476319a9d572c470c0f3a79commit | diff
[Tizen] [GPOS] Avoid O(n^2) behavior in mark-attachment

Better implementation; avoids arbitrary limit on look-back.

[CVE-2023-25193]
hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0
allows attackers to trigger O(n^2) growth via consecutive marks
during the process of looking back for base glyphs when attaching marks.
https://nvd.nist.gov/vuln/detail/CVE-2023-25193

Change-Id: I778490c8c94aae046e38cb07f04753cbc26b8e6a
src/hb-ot-layout-gsubgpos.hh diff | blob | history
Domain: UI Framework / Fonts;