projects / platform / upstream / libHarfBuzzSharp.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: ecabdff)
[GDEF] Don't assume glyphlist is sorted
authorBehdad Esfahbod <behdad@behdad.org>
Wed, 3 Apr 2019 23:06:55 +0000 (16:06 -0700)
committerBehdad Esfahbod <behdad@behdad.org>
Wed, 3 Apr 2019 23:07:36 +0000 (16:07 -0700)
As was hit by the fuzzer.

Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14032

src/hb-ot-layout-common.hh patch | blob | history

diff --git a/src/hb-ot-layout-common.hh b/src/hb-ot-layout-common.hh
index 1799d4b..bb06ddb 100644 (file)
--- a/src/hb-ot-layout-common.hh
+++ b/src/hb-ot-layout-common.hh
@@ -1218,8 +1218,8 @@ struct ClassDefFormat1
       return_trace (true);
     }
 
-    hb_codepoint_t glyph_min = glyphs[0];
-    hb_codepoint_t glyph_max = glyphs[glyphs.length - 1];
+    hb_codepoint_t glyph_min = hb_iter (glyphs) | hb_reduce (hb_min, 0xFFFFu);
+    hb_codepoint_t glyph_max = hb_iter (glyphs) | hb_reduce (hb_max, 0u);
 
     startGlyph = glyph_min;
     classValue.len = glyph_max - glyph_min + 1;
@@ -1510,8 +1510,8 @@ struct ClassDef
     unsigned int format = 2;
     if (likely (glyphs))
     {
-      hb_codepoint_t glyph_min = glyphs[0];
-      hb_codepoint_t glyph_max = glyphs[glyphs.length - 1];
+      hb_codepoint_t glyph_min = +glyphs | hb_reduce (hb_min, 0xFFFFu);
+      hb_codepoint_t glyph_max = +glyphs | hb_reduce (hb_max, 0u);
 
       unsigned int count = glyphs.len ();
       unsigned int num_ranges = 1;
Domain: Dotnet / API;