From 15b43a410400c74a32d40f4b89dbea02fa7cd6e1 Mon Sep 17 00:00:00 2001 From: Michiharu Ariza Date: Fri, 28 Feb 2020 08:45:39 -0800 Subject: [PATCH] collect_unicodes() to check gid < num_glyphs with cmap 12 fixes #2204 --- src/hb-face.cc | 2 +- src/hb-ot-cmap-table.hh | 30 +++++++++++------- .../1746cad6bc3fb2b355db50a5af37c9b58d9ad376 | Bin 0 -> 23293 bytes 3 files changed, 19 insertions(+), 13 deletions(-) create mode 100644 test/fuzzing/fonts/1746cad6bc3fb2b355db50a5af37c9b58d9ad376 diff --git a/src/hb-face.cc b/src/hb-face.cc index 0c9949fff..2da0af41f 100644 --- a/src/hb-face.cc +++ b/src/hb-face.cc @@ -546,7 +546,7 @@ void hb_face_collect_unicodes (hb_face_t *face, hb_set_t *out) { - face->table.cmap->collect_unicodes (out); + face->table.cmap->collect_unicodes (out, face->get_num_glyphs ()); } /** * hb_face_collect_variation_selectors: diff --git a/src/hb-ot-cmap-table.hh b/src/hb-ot-cmap-table.hh index 7969aad05..13d9f9f8a 100644 --- a/src/hb-ot-cmap-table.hh +++ b/src/hb-ot-cmap-table.hh @@ -539,7 +539,7 @@ struct CmapSubtableLongSegmented return true; } - void collect_unicodes (hb_set_t *out) const + void collect_unicodes (hb_set_t *out, unsigned int num_glyphs) const { for (unsigned int i = 0; i < this->groups.len; i++) { @@ -548,7 +548,7 @@ struct CmapSubtableLongSegmented (hb_codepoint_t) HB_UNICODE_MAX); for (hb_codepoint_t codepoint = start; codepoint <= end; codepoint++) { - hb_codepoint_t gid = T::group_get_glyph (this->groups[i], codepoint); + hb_codepoint_t gid = T::group_get_glyph (this->groups[i], codepoint, num_glyphs); if (unlikely (!gid)) continue; out->add (codepoint); @@ -576,9 +576,15 @@ struct CmapSubtableLongSegmented struct CmapSubtableFormat12 : CmapSubtableLongSegmented { static hb_codepoint_t group_get_glyph (const CmapSubtableLongGroup &group, - hb_codepoint_t u) - { return likely (group.startCharCode <= group.endCharCode) ? - group.glyphID + (u - group.startCharCode) : 0; } + hb_codepoint_t u, unsigned int num_glyphs = UINT_MAX) + { + hb_codepoint_t g = group.glyphID; + hb_codepoint_t s = group.startCharCode; + return likely (s <= group.endCharCode && + g < num_glyphs && + g + (u - s) < num_glyphs) ? + g + (u - s) : 0; + } template struct CmapSubtableFormat13 : CmapSubtableLongSegmented { static hb_codepoint_t group_get_glyph (const CmapSubtableLongGroup &group, - hb_codepoint_t u HB_UNUSED) - { return group.glyphID; } + hb_codepoint_t u HB_UNUSED, unsigned int num_glyphs = UINT_MAX) + { return likely (group.glyphID < num_glyphs) ? group.glyphID : 0; } }; typedef enum @@ -1077,15 +1083,15 @@ struct CmapSubtable default: return false; } } - void collect_unicodes (hb_set_t *out) const + void collect_unicodes (hb_set_t *out, unsigned int num_glyphs = UINT_MAX) const { switch (u.format) { case 0: u.format0 .collect_unicodes (out); return; case 4: u.format4 .collect_unicodes (out); return; case 6: u.format6 .collect_unicodes (out); return; case 10: u.format10.collect_unicodes (out); return; - case 12: u.format12.collect_unicodes (out); return; - case 13: u.format13.collect_unicodes (out); return; + case 12: u.format12.collect_unicodes (out, num_glyphs); return; + case 13: u.format13.collect_unicodes (out, num_glyphs); return; case 14: default: return; } @@ -1417,8 +1423,8 @@ struct cmap return get_nominal_glyph (unicode, glyph); } - void collect_unicodes (hb_set_t *out) const - { subtable->collect_unicodes (out); } + void collect_unicodes (hb_set_t *out, unsigned int num_glyphs) const + { subtable->collect_unicodes (out, num_glyphs); } void collect_variation_selectors (hb_set_t *out) const { subtable_uvs->collect_variation_selectors (out); } void collect_variation_unicodes (hb_codepoint_t variation_selector, diff --git a/test/fuzzing/fonts/1746cad6bc3fb2b355db50a5af37c9b58d9ad376 b/test/fuzzing/fonts/1746cad6bc3fb2b355db50a5af37c9b58d9ad376 new file mode 100644 index 0000000000000000000000000000000000000000..8e58f0d671f4136665b0e2ebf220fd025bbe1b71 GIT binary patch literal 23293 zcmeI)k6#qmy*KbPv%hzNUG@jNEI)SHpSaNi%a4Vv3A(Yt(j-`-)sj3BF=hzSK+p&w z8VJUM8x9KwtwzogFVaulNZ+`V|#(wk?V{%DN z_10~V7}*)d2D=$s=c=jQR8#nPBHnLtCbn1OND->p9XB=j{q@?Ve`gZB8y>&9`z!w; zE`M!0^;aBUt7NmJ21yCy#auiPC#jij#e8mi$>zCNnqN0R=fxZ)$8=0Km%%eBmRjU} zz7^h!YZuq@VP4$(ugx#H2brIJ@cBmKa&q=Nvon`xXSG*Yp_pF2B2>bbVZUZ+A8J^A zc?LHtuA_&2ZqHC|3y*~oSSW#o68P^WFgySF?7y#B$XO_Xg%VgOfrS!SD1n6%SSW#o z5?CmKg%bEDE&;IxLV_tDlh_Kej#?`gBUfwz$;VPXmoH~ASkAR?U`snB#S_~o@ZW;C z0&}zuiJIRsv3<^rx6dyX;#OEMwsL66I@nCMz&5fS_L9@#46@iX6CjJbTu5F97m-)O zCFE7`TC&)XvYuQH3*<_;np^|dk?Y|`aueJ_ZiU;(?eHOTCwzq54Id*PhkMB<;Zx*( z_%!(pe2zQ>pC?~{FOsjoSIO7l>*O2oBzX$HbsjU6^DV5Hy~UX9Z*!jtr%wKI{EKWQHAeG_Yym!q7e20z-cmOX@B zVeH$O>;t-q-ZMTIQc_QY}xXpsN1Ks zZ0c!ls*#^+luTKqGx0H!)Na=H+;j8u7)1(W-}xl=)fxHpPd+P>eU_~K06DUI^q<+| z*(R~!Rf1+!1yeB%i$#-bJTtHamdKKsjX9W`rL)`Emsl3dVF4Cox1%ZbPIedjD!ZGN zuu`@Lr^ox*gKPu#PGD7R3#(yU*>?6MnxPw6GuzEt*>h|^JHQUIL#&Iv%(~fY>|fa% zIPPB7$KGcB?1$_f_HXPgJI99EFW3e4YxX|-EgE$%voZD&yT<;^K4yPopRh?b&2Hg* zD&gduii_d2oSrjr7A}cP<Pgt_z~k5{Mmv(NATwg{yf1S5d8Uqzd*>&6tc5~Y`kQ)kewrB z=L*?*LUusN&KI%^gq%zvCrilj3psel93dxH$jK9O0zyu{kW(P!W(v7kLatxP%@%U8 zL%Bk3o{$?5a`T1U0wFI`$jcJ){6b!~ke4ImVSn?4ynv9GFXR;nflMKgB?SCJAX^CJ z2!UK7fWrw0fqWrQAmnEX`B_4~U&zlE@^f&A`ME-Vo{*2@%@^_ugn~?=AWJCl3kBIi z0oLaV1$jb2Kqx?Q6x>-|^JMKKLghAl`o=|ee`coNzWkx;icR+Wp4_@^)0VCFuRgZ1 zy0)gecEh$!4}HnLeDh{|skr%8d+DaFn`*ZsbH3)G>a|p`hs5e5N5#=G6SJbixY#08 zmTdfuyq$$u5h}^o**8!@%GoAVj%v0I72|2P3zcFY>p+EgiM@)-aDtsgMHpbGQ3-y^ zeu)ZjiG7F<|0??nKKM`B3_f%jr^W|vc2afXOAF(OTjNE0K{#E3L8 zB2A1)6C={Z2!|Nq5F;F7ghPyQh!GAk!XZXD#0ZBN;SeL7VuVwSaEcL5F~TWEIK>F3 z7~vEnoMMDijBtq&E-}I-M!3WXml)v^BV1yHON?-d5iT*pEk?M-2)7vF79-qZgjg7~v5kykdk`jPQyPUNOQeMtH>t zuNdJKBfMgSSByv(Bhtl)bTJ}bj7S$F(#42$F(O@zNEaj0#fU{>#3C_bkr=T^j94T_ zED|FYi4lv$h(%(=A~B-&=x6SuGc89aS9A^@oq6G?e6siG&3BLf`e^Y{#eZF={D13I zC)8IoCt_l*w8zBaT&g;2oSU0IFffhyjd+Hg;1aku`DOe$$sLmCrE6tcnQ_wn*%H(8 z^6Hu3?q$!+=(=ZWCezm|n@)bOqc7>e^ZVP{Y!}Y;_3WG2d#e5WE#H53?30QdnxNn;Na#znxc!&Mz#T&jnBl-5)!&?TQ`oW`r4NsmJ zKi_%qefn||`@P~Xq?|F(U<@6r1UXH+xYtD9$*?%Djpmi8AP zZx?oMeMZ<({p911zj9-EGGS8wvhqZG&#n{UlO4~!UHO7?=J3o-)9JI5i$>m_;lCZY zV`j~a?AwdpcxcMAU48M3#Ipv-?ZPI)^^{Hw2#h>o@*&gMqk-hs~wQa4c-}J<$ zyqQIJ%q*&(S>E>W_gfCV`O0L$|DJUJe$w&g*`q`6_IAIv^NmOMD0e?lw(I_+75i3p zeWhXJ&co~8dR{q|cPj(C|MqA3rtCuw@3Xn#ZO=S@@QH)lpWoJ5cVO4^&mR2Nh8>$9 z-(I>o|E-zSKRt4^`L(D1b?-;}c7N+vKTw|Q`_`mv*L!#e4De>0i< zt8LG>KEJzT_rA?-oA+%|PTqI3-K3e)ex@~j^YHyg*B+R;J@V+x^B*k!Md4Fzf7zov za8Rr&-QBMoKK#=2#cjpA?`f%OUbAuMSGV0hu;$3d&iZejtp7nne?$LMJxy;OIwm+VWFnxc6Il?uoR#)*9)2r{Tye@3bFo>1=+!>xJhcb%&LA22A@NX{&6nY^`s3 zYWK7CPdrh#ef!S6JD=OJ_Z#m$@{^Y@w|95F^e-=WcXS_qwe_uUeYgI5JC)%*d&1#8 zJNNHsZrQGUdUDOpA7aN_pEGIj6%a2~SVr7C!*dzvw8IeZVdLpYg;|;rLZ&u^bYQioGiP@?5DPmedI<;fCPqp8~ zG8n>js#-3Q%QQSMMT}UcUp&yM{S{n^actxKdx-NZh1}e~ovO1)Eyq)Q$l1LpUrwsR zwpOI)&9gY9<}LY$eCa<}#*Dc3o8Lx0moMPjt{PW&S!_M7OxLrAk$Mb&(z9?KxCvK( zPq59n4y?r={7sl|Wsl6Q&%y;k=G?yU;;TVMEX9AIbN=%`&1~cB+$H+_oQb{s{Q9{Z z#+Snaxe~4>*T8k;dbp9?1h@xhk=XnoQOxH{l(3epgUw_MY$MxYFF75~ zAZNk>az0#0UIrJDSHdOaRq$H!I(R*~92Urxa5cFGt|QmOjpQb{h1?3ak=x-z8TcG|2tH4~0AD0uf-jS=z*ouF;OpcY@FaN(rt%lRZ&Jm4 zzElZo$vW6fw!k*B9rlvb;S6#n93bbzh2&*$5qTwCLS6;0C9i|mlgnX&TnSf`Yv4L^ zJ={ocf?LR~a2vTDK1A+>kC40JW8~v-FZm>Virf#MCZB=Nk%!>(c~Mz+IVaypzr&V&Qxe7KOj3@#$CgiFY) z;I-s+@OpANERZYVYH|%+N3Mq($xUzzxfO0Bx5J0Xo$wKIH++nI9PTBbgin$C;nUyvV;1+T#+(vGP50N|J zBjj%Q82LEdOFjvoBKO0m$!FkmgNw*3;S%yHcrAGyyq;VR3*<_;np^|d zk?Y|`aueJ_ZiU;(?eHOTCwzq54Id*PhkMB<;Zx*(_%!(pe2zQ>pC?~{FOo08m&sS) ztK@6&b@B~(k~{@d`70UPyvV;1+T#+(vGP50N|JBjj%Q82LEdOFjvoBKO0m z$!Fkmc~Mz+IV zaypzr&V&Qxe7KOj3@#$CgiFY);I-s+@OpANERZYVYH|%+N3Mq($xUzzxfO0Bx5J0X zo$wKIH++nI9PTBbgin$C;nUtHk40^7)T*h@}_Gsu~6fSeB(l9$0n^iE`FxEM){=FwnQVb=WIOC7r^6ZKOgKQ!hYQKe;3D!$ zxP-h4UQ1pFuP2wo0=W{dCfC4q7d_!PMx zK21IYpCb>!=gAk~i{wl2W%3pHD)}0GoqPkHBu~Lq{$jUojAA}NMhR=lI@nCMz&5fS z_L9@#400wMAm_t{SMTga_&8@U}m zMDB!-kh|eyrU@HGu zhK?`Ae7@Kr7ON%eU^CeQ+sJm&W$RBe@A~A-BS9lkh2WKYW^e20lj~g3psLz!%Av z;LGGI@Ky3P_&WIpJV~B{XXhQq(DA7tD`72J2b;+j*haR)UUE8|LC%B&rm2pM+15 z`{C2%Gw?a`5PY6|0lrAS1Yag!fv=LU!Pm(*;7RfnO!XfFUzk=gpRZNITCxr{lP$1~ zY=^z%bU1^Y2?xmea3OgaTtr?8mylP%Ysu^2_2hC`AXmcG|WQ^Hy@R_M%R3v46XVJ|ry&LC&P0dhWENL~gPkypYc!z`RLEsg3D2>`=8UCF7K>B7zCfIrG1r-I zAwy^WWN!Z9-26A<{1&E9Fnx&WH%k_uU9$MhlErM98g0)U$MX^iODM!6VaazhSwH8p z?B0j&yZMJWIFI?zx*bIKburqt%UA_Eu4`EX?qvw0%esq2SP$-77+{0ATVaHaqMLf0 zO|WT>M+dc@vvLm3hpy=$7vhS!QgljJa8+C_*MRQmFxSC#aS?Px_i+Qr64&KN6`5+(Si}_N%jIZFU_*%Y!Z^nSP4!(5|o4_#gbAwWW};lS(&UtRwb*IHOQJ} zVOfW)OBRv!$ogahvO(FfY(zFH8+R=yjdQWcgVZs5qXciPd*?Yln={CXlZdL+Mlc zl|f}lS*$EomMJTgRmxgrgR)r}R(2@6lo4f*vQIgn98?Y~N0g(=G3B^&LOHGCRce)9 zWmP#;K9ye;RE1QJjy* zdQ3g8o={I~c#T@4*H|?UjZfp(1T`T|v8Gg0rm4_WX=*hMnr2N{)1m3oL^M5`KFxq; zP&2F<(Tr-wG~=2H&2$VOqmI$XSYsS9z8HT@FeVgJ98(%o7E=*Z6;m725YrqJj_HW$ ziiyPZ#Pr1s#0`$4tab$MUi2SbeND))DKA^~VNdL$SrNrLkqP6|q&Z zwXqGc&9ULwj@Yi)NNi7RU+h5aVC-=0NbG3rSnPQ0MC^1NAE%Df$64bXalSZzTre&a zR~%OwR~AxzrS^~CkX4a5z`4abedjmC||jmJ&IO>23rTC3Mu zwGORM>(>UgA#Jg?R9mL4&{k<{wGG;4ZCKl(?b1fHJ=#9)fOb$jtR2ygYR9zW+6nEn zj@PMmdYx70(D`(JT~HU&73)fMWx5Jom9AFTpljBJbsf4cT}0QT>(dSB26e-_5#6Y6 zOgFBZ&`rnl@#=Veyfxkt?~C`x2jfHW#qp)_W$_j9Rq?g)4e`zK;rNdDuJ}lNPkdke zK>T3*aQsO8X#80Gc>F~Cw4T?i^?JQk@6h}7etl3M(iiJX^=0}BeU-je-=J^ShxHx$ zE`3DbqwmuX=m+(~`Vsx8eoQ~EpU_Vmc!S!YH&_i0gU{eM1PviWv7yvZW~eY!8EOp; zhGs+9&|&B@L<~KKKEr@v&@gNmF^n3<4C96g!?ck%s*QT1)#xz#jDBO#7%~1rasevY0xxm8ZnKU#!Ta;3Da}}pP)|ACs-34 z3BCk>LNFneP@GVjP?k`UP?b=d(2&ra5Kibw=t_tr^d$5p3?vLD3@3~vj3$gFj3-Pa zOq+SL+N?KQ%?`8A>^BF^A#<_0)Ldq+Fjtvt%?;*ebJ*Nr?lMQrJ?1|1fO*h7Y#uR> zn#auJ<_Yt(g}10JdW+TKu=p%~OVARs6kAFyWtIv{m8I6wU}?65EghCFOT^M+>9Y)2 z1}(#u5zDA$%rb77uuLcNiRwgsqBYTx=u7k`1`|Vx#fhbfWr-DuRf)BU4T;T(;lz%_ zuEa=UPhwxahB(erwPgvKCuQt!35pGACk2y2NySN} zNo7eDNmWU;NexNON#Uf9q^_h$QcqG}(m>K+(s0s9(rD6H(s0# zr|>E26n%;{#gXDm@uvh+LMg>5r72}86)9CIwJ8lL%_-rOj+CyHNJ>viU&=trV9IdH zNXlr+Sju?HM9Oq3pQ=vPr&?1TslHTyYA`jFTAW&%T9#UoT9sOx+K}3u8cyv#{{`J+?mEfNjt=Y#XtS+Qw|-wh7y`owuv)db`!`u>0(Od(a-T7u!qiW%det zmA%&9U~jgE?H%?md&J&j@3Rls2kpc55&Nip%sy_PuurG)xD!mDW=(UX`O^Gp!L(3X zaaw6wSz1L}Ra$LYLt1lMIISbCD=m`Nlh&6ukT#e$oHmj+nl_d;o;Hy-?ci}snBHM^ zI2=BQ-w||#9L0`ON13C-QRS$0G&q_aVMm9f%Mo$(IQkp|jzPz;W5hA)7;}s}CLGgF z9`}anomQvA>2vy>L1)NW>@0PbIV+r1&RS=Kv)LJTb~wA75oeFH&pF^6bPhX5oTJV$ z=eTpiIql+clbGIRbvaxKb#6yCz)IZXS1w>D^Yh!|ikX-9dNAUFQWA!*ZK9AoM^n^Uco>EVlr@~X^sr58?nmu7p zho{RE@$`85JOiFV&#-62GwK=hjC&?L(_S9;kLkTuufyx}`n^GK$Xo0!^_F=nKEJlZ zGV8zGMzN5dyCLI?5?Uyah4T2KGAw*w7S0z7=S%U1wJ#nE=f{Qf;}?|y_-C&V{{s%; zpZz0P*#Cu7%KxNO%KxuEi+@MsSQBpjE-zZ~mAmeZ+h)VK#8v2Xye1B|oQ%GRPWK<> z!FFhE+a|b$`J$_q%zPce(rVdM>2r24{Z#E5G;@Y4l~t zlEvT6`*TEl0QZBn;-2hwaj+)$Fh;5|ZY8##``tX#8`(&|coXTriGwvm^)F$6y3n6t z`1)Lh=47_xOW%sl4Sx`C;lSgUci-p|m%q_13Po2>?bT#z#NU%r{p0WCX_w9{Mb?j_ zt7oj5%>Vq=!21`8IhcnqRPzB$VyWUm3-Puc@gc=4N~OEze=iSB?%6mB+5A#|ne|J* zi?l|@OJ&lzp#}E2pwDMTB_%}|T40y|e12cFOQmPAZn?N#ofP*t7Ixg6o6QbzVmC3H zy_d0QKTU7Xr^OzfS(HCNf_!{NpKtSdzL+-`^EUq)JI^PxDV4zLR8O-ye4;_wEDOq~ zSdf2s_9*}Fvxk*eSx|W&@(WnHd>Z+GVtJ|`WBX0m{vr!X%2~SVF8G&-`zZ^mo@900 zIJ?fNXCvHpOp4iv0*arTYbquedz z{SB|V9aHt}c}Xm$a+ZbnJJ0=W_5=oF1f_$sA90b{9IxEz@E9b4KYH)DZS|(w-spR8 z8B@OE*!-7vzHm)w<5d11_}2@+wzI7F;LoCOzv)QHSz38wQ;cTOYRSbZ)$j00XU%Mq z|5A~Qp&Eq5&g1cV^V0kYCZk-DkUh8L3=&Cs$?l>b z9_7A_@w5)^^;Zh}Zv7$JAH5QNi5v7h@+FO*i+Qv$^X~N5Ev}O2yZ>?z|J~e`d!iSI zK92qwBX9ls=u?nKdm5*;O4=hj9 zXx-=6JSlzP6O%k1LjzcF=8v)`q%Cu$ycp$d7E2jr>B`H^@pwHrCcJOJZ<5QAZAMAs z%jI$dV0E1!CC372GFo)}!=$$t1>qK`%2`3{%%(XYAx!#7SoAl|P1QS^SP zM_PsPxAFL0PqBoVd9HL_F1J}OS16ul?Ti%Ur#zgPEBH!@;dANi1QH*APg+ zu_-<;+qt7Q7$jVYJ-tSslYe`jPo_1;8jOkzyKis(@FnGM_>|<0WX_}>LJz-IlA`ba)ZPmGwVIK$)v%8 zbd^GC|9bpgzffe|W6~}vY1y}B--b9}$)afUp42>9=HzL~Rq-syZsqcK$iIO-PoAqK zj5EgZs1I{5p8KC`i^Rb3cN9LpR&PjB6yMMJR@{k-vgE!En+MCHKK?@0`#;Vy>SS`y zsRvE^)YVHvD|eRl@YA1O=6@#E@kn%^>>E0DJ z-tps&x92FluEGbRpGBn~uGx^Ep>US*ce`$V`QzWbvF;9oVc+e>`~LiQ9pave)g(%M z(@$_)@tGWtzAAfP{Sj(=8V2V(G2U9Nhv+7kE8=*C1f8f(6dh`RUS5389TFB$Nn~gB znw;mNGw+|t%F#=c;&%Uh$GXSw{$HE3%!^xJ;1hP zF7ar+`ka?9y}#$_!dqVMnLkGBqQ8}QDxSG_`L$@5Li5}c{}KHW_V1ox;n&OVNl)Q3 z^73Aq7(CmwgY$m+sz&}x?%~fq6mKYgFZyqiVr3!D5cB89#cY0W#eJ1XLP ze6YXep8T&5{iMXaM7>15Xww@HVtBf8`2Cx_!~ch83O9UBer)v9*A@Tg#rf06Bl0`s zuYK{cIT+3i0W+OL^#7$gnsg{l)X0DS|1q<0AnYF=3+aEJ^7u>i+J+6mZP7pc9v>iA G`F{b+{I4tk literal 0 HcmV?d00001