[Tizen] [GPOS] Avoid O(n^2) behavior in mark-attachment
Refs: 90/294490/1, accepted/tizen_8.0_unified, accepted/tizen_unified_riscv, tizen_8.0, accepted/tizen/8.0/unified/20231005.094942, accepted/tizen/unified/20230622.015422, accepted/tizen/unified/riscv/20231211.234151, tizen_8.0_m2_release
author: Behdad Esfahbod <behdad@behdad.org>
Mon, 6 Feb 2023 21:51:25 +0000 (14:51 -0700)
committer: Bowon Ryu <bowon.ryu@samsung.com>
Tue, 20 Jun 2023 05:44:34 +0000 (14:44 +0900)
commit: 14f9852c0d6ae99c2881a28b4e5944a22c8587a7
tree: 3b8095c4da323f7fcecf74485cd22d2800dbf2e6
parent: 6bb543f4546849799bf794083c45eaecaf4cce7d
[Tizen] [GPOS] Avoid O(n^2) behavior in mark-attachment

Better implementation; avoids arbitrary limit on look-back.

[CVE-2023-25193]
hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0
allows attackers to trigger O(n^2) growth via consecutive marks
during the process of looking back for base glyphs when attaching marks.
https://nvd.nist.gov/vuln/detail/CVE-2023-25193

Change-Id: I778490c8c94aae046e38cb07f04753cbc26b8e6a
src/hb-ot-layout-gsubgpos.hh
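
The cost pattern named in the CVE text, as an added example that is not code from this commit or from HarfBuzz: a simplified model in which each mark walks back over preceding marks to find its base, next to one way to get the same attachments in a single forward pass by remembering the last base seen. The names `GlyphClass`, `attach_lookback`, `attach_cached` and `base_then_marks` are hypothetical, and real shaping has skipping rules this model leaves out.

```cpp
#include <cstddef>
#include <cstdio>
#include <vector>

// Simplified model (assumption): a glyph run reduced to base/mark classes.
enum class GlyphClass { Base, Mark };

struct Result {
  std::vector<long> base_of;  // index of the base each mark attaches to, -1 if none
  unsigned long long steps;   // number of glyphs examined
};

// Per-mark look-back: every mark rescans the marks before it. Quadratic on a mark run.
Result attach_lookback(const std::vector<GlyphClass>& g) {
  Result r{std::vector<long>(g.size(), -1), 0};
  for (std::size_t i = 0; i < g.size(); ++i) {
    if (g[i] != GlyphClass::Mark) continue;
    for (long j = static_cast<long>(i) - 1; j >= 0; --j) {
      ++r.steps;
      if (g[j] == GlyphClass::Base) { r.base_of[i] = j; break; }
    }
  }
  return r;
}

// Single forward pass: remember the most recent base, so each glyph is examined once.
Result attach_cached(const std::vector<GlyphClass>& g) {
  Result r{std::vector<long>(g.size(), -1), 0};
  long last_base = -1;
  for (std::size_t i = 0; i < g.size(); ++i) {
    ++r.steps;
    if (g[i] == GlyphClass::Base) last_base = static_cast<long>(i);
    else r.base_of[i] = last_base;
  }
  return r;
}

// Constructed input: one base followed by n_marks consecutive marks.
std::vector<GlyphClass> base_then_marks(std::size_t n_marks) {
  std::vector<GlyphClass> g(n_marks + 1, GlyphClass::Mark);
  g[0] = GlyphClass::Base;
  return g;
}

int main() {
  const std::vector<GlyphClass> g = base_then_marks(1000);
  std::printf("look-back steps: %llu\n", attach_lookback(g).steps);
  std::printf("cached steps:    %llu\n", attach_cached(g).steps);
  return 0;
}
```
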