[aat] Consume glyph insertion from buffer's max_ops (#2223)

Glyph insertion is an expensive operation and we would like to have it limited
based on the buffer's input size, which is handled by the buffer's max_ops.

clusterfuzz-testcase-minimized-harfbuzz_fuzzer-5754958982021120:

Before the change: 0.67s user 0.00s system 99% cpu 0.674 total
 After the change: 0.02s user 0.00s system 98% cpu 0.024 total

Which takes much longer on valgrind and tsan bots.
This commit is contained in:
Ebrahim Byagowi 2020-07-14 06:23:06 +04:30 committed by GitHub
parent 6937092a66
commit 11d583a9ea
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 2 additions and 0 deletions


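--- a/PATH_NOT_SHOWN_ON_PAGE
+++ b/PATH_NOT_SHOWN_ON_PAGE
@@ -725,6 +725,7 @@ struct InsertionSubtable
 if (entry.data.markedInsertIndex != 0xFFFF)
 {
 unsigned int count = (flags & MarkedInsertCount);
+if ((buffer->max_ops -= count) <= 0) return;
 unsigned int start = entry.data.markedInsertIndex;
 const HBGlyphID *glyphs = &insertionAction[start];
 if (unlikely (!c->sanitizer.check_array (glyphs, count))) count = 0;
@@ -753,6 +754,7 @@ struct InsertionSubtable
 if (entry.data.currentInsertIndex != 0xFFFF)
 {
 unsigned int count = (flags & CurrentInsertCount) >> 5;
+if ((buffer->max_ops -= count) <= 0) return;
 unsigned int start = entry.data.currentInsertIndex;
 const HBGlyphID *glyphs = &insertionAction[start];
 if (unlikely (!c->sanitizer.check_array (glyphs, count))) count = 0;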
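Review bot: The added `return` in both hunks bails out of the transition before the remaining insertion bookkeeping, and nothing at the check explains why the budget is charged here; a one-line comment such as `/* Insertion is costly: charge it to the buffer's op budget and stop once exhausted. */` above the first check (the second can simply say "same budget check as the marked-insert path") would save the next reader a trip to the commit log. Because the subtraction is unconditional, once max_ops is already non-positive every later transition keeps decrementing it; the type of max_ops is not visible in this hunk, and with these 5-bit counts that is unlikely to matter in practice, but the saturating form `if (buffer->max_ops <= 0 || (buffer->max_ops -= count) <= 0) return;` states the intent more plainly and avoids relying on the value never wrapping. Note also that the budget is charged before `check_array` may zero `count`, so a malformed table still consumes budget for insertions that are never performed, which seems acceptable as a fuzz guard but is worth a word in the comment. The enclosing function starts before and ends after these hunks.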