Guard against underflow when adjusting length (#421)
author jfkthame <jfkthame@gmail.com>
Fri, 17 Feb 2017 03:03:24 +0000 (03:03 +0000)
committer Behdad Esfahbod <behdad@behdad.org>
Fri, 17 Feb 2017 03:03:24 +0000 (19:03 -0800)
commit 44f7d6ecde9bf7427a05cbe73ed5d668b8a72b2a
tree d3cc0f4bff1d117ac9b20430b627aaf7b7b19b28
parent 45766b673f427bb791c9d5886cadedfac0447066

* Guard against underflow when adjusting length

With the fuzz-testcase in mozilla bug 1295299, we end up with a recursed lookup that removes 3 items, when `match_positions[idx]` is 0, which results in (unsigned) `end` wrapping to a huge value.

Making `end` a signed int is probably the simplest route to a fix.

Fixes https://bugzilla.mozilla.org/show_bug.cgi?id=1295299.

* Add testcase for #421.
src/hb-ot-layout-gsubgpos-private.hh
test/shaping/fonts/sha1sum/558661aa659912f4d30ecd27bd09835171a8e2b0.ttf [new file with mode: 0644]
test/shaping/tests/fuzzed.tests
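
The wrap described in the commit message, as an added example that is not code from this commit or from HarfBuzz: a window end is shifted by a negative length delta, once with an unsigned `end` and once with a signed one. The function names, the starting `end` of 2 and the clamp-to-start recovery are assumptions made for illustration; the removal of 3 items and the match position of 0 come from the message.

```c
#include <limits.h>
#include <stdio.h>

/* Hypothetical helper: shift the end of a match window by `delta` items
 * after a nested lookup changed the buffer length. `end` is unsigned,
 * as in the state the commit message describes before the fix. */
static unsigned int adjust_end_unsigned(unsigned int end, int delta,
                                        unsigned int match_pos, int *rejected)
{
    end += (unsigned int)delta;  /* 2 + (-3) wraps to UINT_MAX */
    /* Guard meant to catch a window that collapsed onto its start.
     * After the wrap, `end` is huge, so the guard never fires. */
    *rejected = (end <= match_pos);
    return end;
}

/* Same adjustment with a signed `end`, the route the message proposes.
 * Assumes match_pos fits in an int. */
static int adjust_end_signed(int end, int delta,
                             unsigned int match_pos, int *rejected)
{
    end += delta;                        /* 2 + (-3) == -1, no wrap */
    *rejected = (end <= (int)match_pos); /* -1 <= 0, guard fires */
    if (*rejected)
        end = (int)match_pos;            /* assumed recovery: empty window */
    return end;
}

int main(void)
{
    int rejected;
    /* Constructed values: window end 2, start 0, nested lookup removed 3. */
    unsigned int u = adjust_end_unsigned(2u, -3, 0u, &rejected);
    printf("unsigned: end=%u rejected=%d\n", u, rejected);
    int s = adjust_end_signed(2, -3, 0u, &rejected);
    printf("signed:   end=%d rejected=%d\n", s, rejected);
    return 0;
}
```

With the unsigned variable the collapsed-window guard passes a wrapped `end` on to whatever indexes the buffer next; with the signed variable the same comparison rejects it.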