projects / platform / upstream / harfbuzz.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: adc15de) | patch
[Tizen] [GPOS] Avoid O(n^2) behavior in mark-attachment 71/294471/1 accepted/tizen_6.0_unified tizen_6.0 accepted/tizen/6.0/unified/20230621.004738
authorBehdad Esfahbod <behdad@behdad.org>
Mon, 6 Feb 2023 21:51:25 +0000 (14:51 -0700)
committerBowon Ryu <bowon.ryu@samsung.com>
Tue, 20 Jun 2023 01:51:45 +0000 (10:51 +0900)
commit2ac0d6d4cd32d2add09102dc9afae5a03c31ccc5
tree935b182eabec555f3770c4b714b312e07bcaf221tree | snapshot
parentadc15de0bb68e623eb890cc54ae82a36fc5df466commit | diff
[Tizen] [GPOS] Avoid O(n^2) behavior in mark-attachment

Better implementation; avoids arbitrary limit on look-back.

[CVE-2023-25193]
hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0
allows attackers to trigger O(n^2) growth via consecutive marks
during the process of looking back for base glyphs when attaching marks.
https://nvd.nist.gov/vuln/detail/CVE-2023-25193

Change-Id: I778490c8c94aae046e38cb07f04753cbc26b8e6a
src/hb-ot-layout-gsubgpos.hh diff | blob | history
Domain: UI Framework / Fonts;