projects / platform / upstream / harfbuzz.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 6bb543f) | patch
[Tizen] [GPOS] Avoid O(n^2) behavior in mark-attachment 82/294482/1 accepted/tizen_7.0_unified tizen_7.0 accepted/tizen/7.0/unified/20230621.163708
authorBehdad Esfahbod <behdad@behdad.org>
Mon, 6 Feb 2023 21:51:25 +0000 (14:51 -0700)
committerBowon Ryu <bowon.ryu@samsung.com>
Tue, 20 Jun 2023 05:31:14 +0000 (14:31 +0900)
commit3767378e44a362dacc16a0d4fd8a12ac1902df67
tree3b8095c4da323f7fcecf74485cd22d2800dbf2e6tree | snapshot
parent6bb543f4546849799bf794083c45eaecaf4cce7dcommit | diff
[Tizen] [GPOS] Avoid O(n^2) behavior in mark-attachment

Better implementation; avoids arbitrary limit on look-back.

[CVE-2023-25193]
hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0
allows attackers to trigger O(n^2) growth via consecutive marks
during the process of looking back for base glyphs when attaching marks.
https://nvd.nist.gov/vuln/detail/CVE-2023-25193

Change-Id: I778490c8c94aae046e38cb07f04753cbc26b8e6a
src/hb-ot-layout-gsubgpos.hh diff | blob | history
Domain: UI Framework / Fonts;