walkero
/
harfbuzz
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

[aat] Consume glyph insertion from buffer's max_ops (#2223) 

Glyph insertion is an expensive operation and we like to have it limited
based on buffer's input size which is handled by buffer's max_ops.

clusterfuzz-testcase-minimized-harfbuzz_fuzzer-5754958982021120:

Before the change: 0.67s user 0.00s system 99% cpu 0.674 total
 After the change: 0.02s user 0.00s system 98% cpu 0.024 total

Which takes much longer on valgrind and tsan bots.
This commit is contained in:
Ebrahim Byagowi 2020-07-14 06:23:06 +04:30 committed by GitHub
parent 6937092a66
commit 11d583a9ea
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 2 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/hb-aat-layout-morx-table.hh
View File

@ -725,6 +725,7 @@ struct InsertionSubtable
if (entry.data.markedInsertIndex != 0xFFFF)
{
unsigned int count = (flags & MarkedInsertCount);
if ((buffer->max_ops -= count) <= 0) return;
unsigned int start = entry.data.markedInsertIndex;
const HBGlyphID *glyphs = &insertionAction[start];
if (unlikely (!c->sanitizer.check_array (glyphs, count))) count = 0;
@ -753,6 +754,7 @@ struct InsertionSubtable
if (entry.data.currentInsertIndex != 0xFFFF)
{
unsigned int count = (flags & CurrentInsertCount) >> 5;
if ((buffer->max_ops -= count) <= 0) return;
unsigned int start = entry.data.currentInsertIndex;
const HBGlyphID *glyphs = &insertionAction[start];
if (unlikely (!c->sanitizer.check_array (glyphs, count))) count = 0;

BIN
test/fuzzing/fonts/clusterfuzz-testcase-minimized-harfbuzz_fuzzer-5754958982021120 Normal file
View File

Binary file not shown.