walkero
/
harfbuzz
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Merge pull request #1800 from harfbuzz/harfbuzz/cffnull_fix2 

[CFF] fix for Subrs null ptr access
This commit is contained in:
Ebrahim Byagowi 2019-06-27 22:09:28 +04:30 committed by GitHub
parent cd65305b05 8341c0b304
commit 7185bd6ffb
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 5 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
src/hb-cff-interp-cs-common.hh
View File

@ -62,9 +62,9 @@ struct call_stack_t : stack_t<call_context_t, kMaxCallLimit> {};
template <typename SUBRS> template <typename SUBRS>
struct biased_subrs_t struct biased_subrs_t
{ {
void init (const SUBRS &subrs_) void init (const SUBRS *subrs_)
{ {
subrs = &subrs_; subrs = subrs_;
unsigned int nSubrs = get_count (); unsigned int nSubrs = get_count ();
if (nSubrs < 1240) if (nSubrs < 1240)
bias = 107; bias = 107;
@ -118,7 +118,7 @@ struct point_t
template <typename ARG, typename SUBRS> template <typename ARG, typename SUBRS>
struct cs_interp_env_t : interp_env_t<ARG> struct cs_interp_env_t : interp_env_t<ARG>
{ {
void init (const byte_str_t &str, const SUBRS &globalSubrs_, const SUBRS &localSubrs_) void init (const byte_str_t &str, const SUBRS *globalSubrs_, const SUBRS *localSubrs_)
{ {
interp_env_t<ARG>::init (str); interp_env_t<ARG>::init (str);

2
src/hb-cff1-interp-cs.hh
View File

@ -40,7 +40,7 @@ struct cff1_cs_interp_env_t : cs_interp_env_t<number_t, CFF1Subrs>
template <typename ACC> template <typename ACC>
void init (const byte_str_t &str, ACC &acc, unsigned int fd) void init (const byte_str_t &str, ACC &acc, unsigned int fd)
{ {
SUPER::init (str, *acc.globalSubrs, *acc.privateDicts[fd].localSubrs); SUPER::init (str, acc.globalSubrs, acc.privateDicts[fd].localSubrs);
processed_width = false; processed_width = false;
has_width = false; has_width = false;
arg_start = 0; arg_start = 0;

2
src/hb-cff2-interp-cs.hh
View File

@ -82,7 +82,7 @@ struct cff2_cs_interp_env_t : cs_interp_env_t<blend_arg_t, CFF2Subrs>
void init (const byte_str_t &str, ACC &acc, unsigned int fd, void init (const byte_str_t &str, ACC &acc, unsigned int fd,
const int *coords_=nullptr, unsigned int num_coords_=0) const int *coords_=nullptr, unsigned int num_coords_=0)
{ {
SUPER::init (str, *acc.globalSubrs, *acc.privateDicts[fd].localSubrs); SUPER::init (str, acc.globalSubrs, acc.privateDicts[fd].localSubrs);
coords = coords_; coords = coords_;
num_coords = num_coords_; num_coords = num_coords_;

BIN
test/fuzzing/fonts/clusterfuzz-testcase-minimized-harfbuzz_fuzzer-5093685255077888 Normal file
View File

Binary file not shown.