[subset] Put a limit on the number of lookup indices that can be visited during closures

Fixes https://crbug.com/oss-fuzz/21025
Garret Rieger 2020-03-12 03:02:36 -07:00 committed by GitHub
parent 31218b41c6
commit 834a224a50
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 20 additions and 3 deletions


@ -68,6 +68,9 @@
#define HB_MAX_FEATURE_INDICES 1500 #define HB_MAX_FEATURE_INDICES 1500
#endif #endif
#ifndef HB_MAX_LOOKUP_INDICES
#define HB_MAX_LOOKUP_INDICES 20000
#endif
namespace OT { namespace OT {


@ -78,8 +78,12 @@ struct hb_closure_context_t :
bool should_visit_lookup (unsigned int lookup_index) bool should_visit_lookup (unsigned int lookup_index)
{ {
if (lookup_count++ > HB_MAX_LOOKUP_INDICES)
return false;
if (is_lookup_done (lookup_index)) if (is_lookup_done (lookup_index))
return false; return false;
done_lookups->set (lookup_index, glyphs->get_population ()); done_lookups->set (lookup_index, glyphs->get_population ());
return true; return true;
} }
@ -106,7 +110,9 @@ struct hb_closure_context_t :
recurse_func (nullptr), recurse_func (nullptr),
nesting_level_left (nesting_level_left_), nesting_level_left (nesting_level_left_),
debug_depth (0), debug_depth (0),
done_lookups (done_lookups_) {} done_lookups (done_lookups_),
lookup_count (0)
{}
~hb_closure_context_t () { flush (); } ~hb_closure_context_t () { flush (); }
@ -121,6 +127,7 @@ struct hb_closure_context_t :
private: private:
hb_map_t *done_lookups; hb_map_t *done_lookups;
unsigned int lookup_count;
}; };
struct hb_closure_lookups_context_t : struct hb_closure_lookups_context_t :
@ -153,7 +160,12 @@ struct hb_closure_lookups_context_t :
{ inactive_lookups->add (lookup_index); } { inactive_lookups->add (lookup_index); }
bool is_lookup_visited (unsigned lookup_index) bool is_lookup_visited (unsigned lookup_index)
{ return visited_lookups->has (lookup_index); } {
if (lookup_count++ > HB_MAX_LOOKUP_INDICES)
return true;
return visited_lookups->has (lookup_index);
}
hb_face_t *face; hb_face_t *face;
const hb_set_t *glyphs; const hb_set_t *glyphs;
@ -172,13 +184,15 @@ struct hb_closure_lookups_context_t :
nesting_level_left (nesting_level_left_), nesting_level_left (nesting_level_left_),
debug_depth (0), debug_depth (0),
visited_lookups (visited_lookups_), visited_lookups (visited_lookups_),
inactive_lookups (inactive_lookups_) {} inactive_lookups (inactive_lookups_),
lookup_count (0) {}
void set_recurse_func (recurse_func_t func) { recurse_func = func; } void set_recurse_func (recurse_func_t func) { recurse_func = func; }
private: private:
hb_set_t *visited_lookups; hb_set_t *visited_lookups;
hb_set_t *inactive_lookups; hb_set_t *inactive_lookups;
unsigned int lookup_count;
}; };
struct hb_would_apply_context_t : struct hb_would_apply_context_t :
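Review bot: In `is_lookup_visited` the new budget check makes a query-named predicate mutate `lookup_count` and answer `true` for lookups that were never visited, so once the limit is passed the closure is cut short with nothing recording that it happened. Callers therefore cannot tell a complete lookup closure from a truncated one, and `should_visit_lookup` in `hb_closure_context_t` has the same silent cut-off by returning `false`. Consider exposing the state, for example `bool lookup_limit_exceeded () { return lookup_count > HB_MAX_LOOKUP_INDICES; }`, and documenting the counter with `// Every call counts against HB_MAX_LOOKUP_INDICES, including repeat queries for the same index.` The comparison `lookup_count++ > HB_MAX_LOOKUP_INDICES` also admits one call more than the named limit; `>=` would match the constant's name and keep such an accessor consistent with the check. Both struct bodies start outside the visible hunks.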