From 9cc1ed4fa68075b3b142a2737438109772dd0002 Mon Sep 17 00:00:00 2001
From: Behdad Esfahbod <behdad@behdad.org>
Date: Thu, 19 Nov 2015 12:39:09 -0800
Subject: [PATCH] Do not allow recursiving to same position and same lookup

This is just to make it harder to be extremely slow.  There definitely
are ways still, just harder.  Oh well... how do we tame this problem
without solving halting problem?!

Fixes https://github.com/behdad/harfbuzz/issues/174
---
 src/hb-ot-layout-gsubgpos-private.hh             |   5 +++++
 test/shaping/fonts/sha1sum/MANIFEST              |   1 +
 .../fab39d60d758cb586db5a504f218442cd1395725.ttf | Bin 0 -> 1894 bytes
 test/shaping/tests/fuzzed.tests                  |   1 +
 4 files changed, 7 insertions(+)
 create mode 100644 test/shaping/fonts/sha1sum/fab39d60d758cb586db5a504f218442cd1395725.ttf

diff --git a/src/hb-ot-layout-gsubgpos-private.hh b/src/hb-ot-layout-gsubgpos-private.hh
index 36f6dd405..2873d0f09 100644
--- a/src/hb-ot-layout-gsubgpos-private.hh
+++ b/src/hb-ot-layout-gsubgpos-private.hh
@@ -971,6 +971,11 @@ static inline bool apply_lookup (hb_apply_context_t *c,
     if (idx >= count)
       continue;
 
+    /* Don't recurse to ourself at same position.
+     * Note that this test is too naive, it doesn't catch longer loops. */
+    if (idx == 0 && lookupRecord[i].lookupListIndex == c->lookup_index)
+      continue;
+
     buffer->move_to (match_positions[idx]);
 
     unsigned int orig_len = buffer->backtrack_len () + buffer->lookahead_len ();
diff --git a/test/shaping/fonts/sha1sum/MANIFEST b/test/shaping/fonts/sha1sum/MANIFEST
index cb5abe231..86871aa27 100644
--- a/test/shaping/fonts/sha1sum/MANIFEST
+++ b/test/shaping/fonts/sha1sum/MANIFEST
@@ -34,3 +34,4 @@ df768b9c257e0c9c35786c47cae15c46571d56be.ttf
 e207635780b42f898d58654b65098763e340f5c7.ttf
 ef86fe710cfea877bbe0dbb6946a1f88d0661031.ttf
 f499fbc23865022234775c43503bba2e63978fe1.ttf
+fab39d60d758cb586db5a504f218442cd1395725.ttf
diff --git a/test/shaping/fonts/sha1sum/fab39d60d758cb586db5a504f218442cd1395725.ttf b/test/shaping/fonts/sha1sum/fab39d60d758cb586db5a504f218442cd1395725.ttf
new file mode 100644
index 0000000000000000000000000000000000000000..451ed0477a45c4a5e765986e08f013803873c1b1
GIT binary patch
literal 1894
zcmd5-U2GIp6#nka{!F1Qq7+!H%>Zky6$*u>B&A@{Wmd$prMno|rnJk_p8!iIWoW7f
z+Q+KIR1=cEh%clNW5Pa=NYoe~O2n9eH9Ywu!4UR=Cjvy1#^F1&z>?)JB|dm3_vbt3
z+;i_ee**>JB@RBUj>NY_i4@cxo3mkAiPo-(v!f(66IVtfo2|gBz7gV`#A~8$v3S#$
zTh|dE14@(8_>Q-}|M>?KD9e$5A{JlOaH{jnr$G4_ad$eCvR7_d+d!Pda(yyA<e2_M
z#Vx3gQu6D1?Y_)la<GM%=LN3yr4GqGULf{yHu?^H(EIHxKk~d6$D!({`g>A)Z#Kuj
zgNh``Z|o;w-i6@H#K%yBaDT=bzMNe<Nt~rV<G?^V_0Qj5H$c5htZSLnu&sS&EQD%3
z%l+oTRHmo>>igBimjQpDJ#fgmc)j8)s5tKvJZ}&7*ptEIi)f!P<+rkn_3+Eb1NAch
z8azIgpU-^aamtBmg#wNCRmx#MtUiRMK2k@xKB`7Mj_{?4wmGQ63f|ayF9CzQ*j(4+
zsQo>I2T9AzDe{6``%sQOm_U{?mM8DW0<((mZ$u0Ab|agmf@%%ne{-mI>!2g-j&bz`
z-gKuZ5q6Ifjd6d{y};3rjd%yx7DJNUI#1_9-b!&N+<opYuJU)#_>!euYgmuknX)zp
z$ZxM-q1Xlz*GYJwqQx`OoaGoLjiQV$8bv}0l|O|@@!`g@Xd>n~>0VDUlo(?H9aJeB
z9&G^$rea=IK`!7qp@3zj+VfacFCOL~W_(&}EMkU>uvvtc6yb;X#<?P%z^2F0{-30L
z0MF)bs*Td!v)S<<$nKr34ka%2YQ(AO@gqQ_1~3h&35Lc8D5d}cQWCbebk;6o*h&pa
zOHFXkp#fMrLjiM$HOK#F=nmjWScZpKb0U9@Gq9a+fc1tK(n>|mKV~|*<~84juIDI+
z>CM&i?@u9jOuwWv5&Q`AQ`pT<!|zN1DSi^Gl0>I9G&%Ru%qrwrjU<{)zK&HKrBPb9
znbF``p;#gjV~rRkzx!>=GEYpDT*LEcTi_%QcyhLRg-o?iGsCVhheJ6j(*D;z-^5)v
z*u5ehOwQ#G;~5Tkh6mQn&I6kY9w-zgot6^IvX^1>5zqKgA}obkjyj~gS$IQ=8w;WQ
c{#vPu1sguT6s7X}n~%IRFFkNb_BxQh3!w@7UH||9

literal 0
HcmV?d00001

diff --git a/test/shaping/tests/fuzzed.tests b/test/shaping/tests/fuzzed.tests
index 23a691ec5..6d4aa0004 100644
--- a/test/shaping/tests/fuzzed.tests
+++ b/test/shaping/tests/fuzzed.tests
@@ -7,3 +7,4 @@ fonts/sha1sum/8240789f6d12d4cfc4b5e8e6f246c3701bcf861f.ttf:--font-funcs=ot:U+004
 fonts/sha1sum/b9e2aaa0d75fcef6971ec3a96d806ba4a6b31fe2.ttf:--font-funcs=ot:U+0041:[gid0=0+1000|gid1=0+1000|gid8=0+1000|gid3=0+1000|gid0=0+1000|gid1=0+1000|gid1=0+1000|gid8=0+1000|gid3=0+1000|gid0=0+1000|gid1=0+1000|gid8=0+1000|gid3=0+1000|gid0=0+1000|gid1=0+1000|gid1=0+1000]
 fonts/sha1sum/43979b90b2dd929723cf4fe1715990bcb9c9a56b.ttf:--font-funcs=ot:U+0041:[gid0=0+1000]
 fonts/sha1sum/3511ff5c1647150595846ac414c595cccac34f18.ttf:--font-funcs=ot:U+0041:[gid0=0+1000|gid512=0+1000|gid15104=0+1000|gid11004=0+1000|gid3408=0+1000|gid18244=0+1000|gid17872=0+1000|gid17961=0+1000|gid0=0+1000|gid992=0+1000|gid15616=0+1000|gid0=0+1000|gid14151=0+1000|gid20559=0+1000|gid20992=0+1000|gid5440=0+1000|gid256=0+1000|gid0=0+1000|gid10=0+1000|gid8960=0+1000|gid256=0+1000|gid1024=0+1000|gid1490=0+1000|gid0=0+1000|gid768=0+1000|gid4096=0+1000|gid256=0+1000|gid2216=0+1000|gid0=0+1000|gid256=0+1000|gid256=0+1000|gid0=0+1000|gid768=0+1000|gid10752=0+1000|gid11004=0+1000|gid3408=0+1000|gid18244=0+1000|gid17734=0+1000|gid53248=0+1000|gid256=0+1000|gid0=0+1000|gid512=0+1000|gid14848=0+1000|gid10793=0+1000|gid57344=0+1000|gid768=0+1000|gid18227=0+1000|gid20285=0+1000|gid20480=0+1000|gid0=0+1000|gid256=0+1000|gid0=0+1000|gid810=0+1000|gid0=0+1000|gid11004=0+1000|gid3408=0+1000|gid18244=0+1000|gid17734=0+1000|gid53289=0+1000|gid57344=0+1000|gid768=0+1000|gid15667=0+1000|gid71=0+1000|gid0=0+1000|gid20559=0+1000|gid21248=0+1000|gid256=0+1000|gid0=0+1000|gid2816=0+1000|gid2776=0+1000|gid0=0+1000|gid51516=0+1000|gid0=0+1000|gid32=0+1000|gid26209=0+1000|gid28005=0+1000|gid65249=0+1000|gid29690=0+1000|gid0=0+1000|gid51548=0+1000|gid0=0+1000|gid2454=0+1000|gid28783=0+1000|gid29556=0+1000|gid1291=0+1000|gid3458=0+1000|gid80=0+1000|gid0=0+1000|gid2804=0+1000|gid210=0+1000|gid28786=0+1000|gid25968=0+1000|gid45763=0+1000|gid50546=0+1000|gid0=0+1000|gid59136=0+1000|gid0=0+1000|gid38144=0+1000|gid256=0+1000|gid0=0+1000|gid2560=0+1000|gid30208=0+1000|gid52224=0+1000|gid580=0+1000|gid17996=0+1000|gid21504=0+1000|gid6734=0+1000|gid108=0+1000|gid116=0+1000|gid24846=0+1000|gid1024=0+1000|gid0=0+1000|gid255=0+1000|gid65280=0+1000|gid256=0+1000|gid0=0+1000|gid8704=0+1000|gid1345=0+1000|gid23109=0+1000|gid8192=0+1000|gid10823=0+1000|gid21076=0+1000|gid8192=0+1000|gid12877=0+1000|gid20300=0+1000|gid8192=0+1000|gid6738=0+1000|gid20301=0+1000|gid8192=0+1000|gid16980=0+1000|gid21067=0+1000|gid8251=0+1000|gid18944=0+1000|gid255=0+1000|gid65280=0+1000|gid15360=0+1000|gid256=0+1000|gid255=0+1000|gid65280=0+1000|gid256=0+1000|gid768=0+1000|gid255=0+1000|gid65280=0+1000|gid256=0+1000|gid768=0+1000|gid255=0+1000|gid65280=0+1000|gid256=0+1000|gid1024=0+1000|gid12=0+1000|gid65280=0+1000|gid256=0+1000|gid1280=0+1000|gid255=0+1000|gid65280=0+1000|gid256=0+1000|gid1536=0+1000|gid1899=0+1000|gid25970=0+1000|gid110=0+1000|gid11264=0+1000|gid27502=0+1000|gid29285=0+1000|gid12907=0+1000|gid25974=0+1000|gid28160=0+1000|gid14443=0+1000|gid25970=0+1000|gid28288=0+1000|gid3=0+1000|gid118=0+1000|gid18259=0+1000|gid21826=0+1000|gid45716=0+1000|gid46369=0+1000|gid0=0+1000|gid0=0+1000|gid1=0+1000|gid16=0+1000|gid17=0+1000|gid256=0+1000|gid4=0+1000|gid16=0+1000|gid18244=0+1000|gid17734=0+1000|gid28=0+1000|gid12=0+1000|gid0=0+1000|gid284=0+1000|gid0=0+1000|gid28=0+1000|gid18256=0+1000|gid20307=0+1000|gid45114=0+1000|gid47616=0+1000|gid226=0+1000|gid10296=0+1000|gid0=0+1000|gid57927=0+1000|gid1=0+1000|gid0=0+1000|gid0=0+1000|gid21248=0+1000|gid5440=0+1000|gid256=0+1000|gid0=0+1000|gid10=0+1000|gid768=0+1000|gid256=0+1000|gid1024=0+1000|gid512=0+1000|gid0=0+1000|gid297=0+1000|gid16=0+1000|gid24833=0+1000|gid28774=0+1000|gid10794=0+1000|gid2304=0+1000|gid29=0+1000|gid32=0+1000|gid42=0+1000|gid64515=0+1000|gid42=0+1000|gid42=0+1000|gid64525=0+1000|gid20551=0+1000|gid17477=0+1000|gid18128=0+1000|gid10720=0+1000|gid3=0+1000|gid61=0+1000|gid3408=0+1000|gid18244=0+1000|gid17734=0+1000|gid53289=0+1000|gid57344=0+1000|gid768=0+1000|gid15616=0+1000|gid512=0+1000|gid55=0+1000|gid10576=0+1000|gid20307=0+1000|gid0=0+1000|gid255=0+1000|gid56063=0+1000|gid53504=0+1000|gid42=0+1000|gid42=0+1000|gid64525=0+1000|gid12288=0+1000|gid18176=0+1000|gid80=0+1000|gid20307=0+1000|gid1=0+1000|gid0=0+1000|gid62=0+1000]
+fonts/sha1sum/fab39d60d758cb586db5a504f218442cd1395725.ttf:--font-funcs=ot:U+0041,U+0041:[gid0=0+1000|gid0=1+1000]