Avoid undefined-behavior in fallback mark positioning

Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5584
Behdad Esfahbod 2018-02-08 17:14:52 -06:00
parent 3b68a03a1c
commit b220b5a444
1 changed files with 6 additions and 5 deletions


@ -200,8 +200,7 @@ position_mark (const hb_ot_shape_plan_t *plan,
unsigned int combining_class) unsigned int combining_class)
{ {
hb_glyph_extents_t mark_extents; hb_glyph_extents_t mark_extents;
if (!font->get_glyph_extents (buffer->info[i].codepoint, if (!font->get_glyph_extents (buffer->info[i].codepoint, &mark_extents))
&mark_extents))
return; return;
hb_position_t y_gap = font->y_scale / 16; hb_position_t y_gap = font->y_scale / 16;
@ -322,7 +321,9 @@ position_around_base (const hb_ot_shape_plan_t *plan,
base_extents.y_bearing += buffer->pos[base].y_offset; base_extents.y_bearing += buffer->pos[base].y_offset;
unsigned int lig_id = _hb_glyph_info_get_lig_id (&buffer->info[base]); unsigned int lig_id = _hb_glyph_info_get_lig_id (&buffer->info[base]);
unsigned int num_lig_components = _hb_glyph_info_get_lig_num_comps (&buffer->info[base]); /* Use integer for num_lig_components such that it doesn't convert to unsigned
* when we divide or multiply by it. */
int num_lig_components = _hb_glyph_info_get_lig_num_comps (&buffer->info[base]);
hb_position_t x_offset = 0, y_offset = 0; hb_position_t x_offset = 0, y_offset = 0;
if (HB_DIRECTION_IS_FORWARD (buffer->props.direction)) { if (HB_DIRECTION_IS_FORWARD (buffer->props.direction)) {
@ -331,7 +332,7 @@ position_around_base (const hb_ot_shape_plan_t *plan,
} }
hb_glyph_extents_t component_extents = base_extents; hb_glyph_extents_t component_extents = base_extents;
unsigned int last_lig_component = (unsigned int) -1; int last_lig_component = -1;
unsigned int last_combining_class = 255; unsigned int last_combining_class = 255;
hb_glyph_extents_t cluster_extents = base_extents; /* Initialization is just to shut gcc up. */ hb_glyph_extents_t cluster_extents = base_extents; /* Initialization is just to shut gcc up. */
hb_glyph_info_t *info = buffer->info; hb_glyph_info_t *info = buffer->info;
@ -340,7 +341,7 @@ position_around_base (const hb_ot_shape_plan_t *plan,
{ {
if (num_lig_components > 1) { if (num_lig_components > 1) {
unsigned int this_lig_id = _hb_glyph_info_get_lig_id (&info[i]); unsigned int this_lig_id = _hb_glyph_info_get_lig_id (&info[i]);
unsigned int this_lig_component = _hb_glyph_info_get_lig_comp (&info[i]) - 1; int this_lig_component = _hb_glyph_info_get_lig_comp (&info[i]) - 1;
/* Conditions for attaching to the last component. */ /* Conditions for attaching to the last component. */
if (!lig_id || lig_id != this_lig_id || this_lig_component >= num_lig_components) if (!lig_id || lig_id != this_lig_id || this_lig_component >= num_lig_components)
this_lig_component = num_lig_components - 1; this_lig_component = num_lig_components - 1;
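Review bot: In the last hunk, `this_lig_component` can now be negative, and the clamp on the line after it only tests the upper bound. While it was unsigned, a component number of 0 wrapped to a very large value and was caught by `this_lig_component >= num_lig_components`; as an `int` it becomes -1 (assuming `_hb_glyph_info_get_lig_comp` can return 0, which is not visible here), passes the check, and is then used by the rest of the loop body, which continues outside the hunk. If attaching to the last component is still the intended result for that case, the condition should read `if (!lig_id || lig_id != this_lig_id || this_lig_component < 0 || this_lig_component >= num_lig_components)`. Separately, if the helper returns an unsigned type, the `- 1` is still evaluated as unsigned before the conversion to `int`, so casting the call first, `(int) _hb_glyph_info_get_lig_comp (&info[i]) - 1`, would make the signed intent explicit.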