walkero
/
harfbuzz
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Avoid buffer->move_to() in case of buffer error 

Fixes https://github.com/behdad/harfbuzz/issues/223

Right now we cannot test this because it has to be tested using hb-fuzzer.
We should move all fuzzing tests from test/shaping/tests/fuzzed.tests to
test/fuzzing/ and have its own test runner.  At that point, should add
test from this issue as well.
This commit is contained in:
Behdad Esfahbod 2016-02-19 14:52:31 +07:00
parent 7e76bbabba
commit b87e36f6f1
2 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/hb-buffer.cc
View File

@ -407,6 +407,8 @@ hb_buffer_t::move_to (unsigned int i)
idx = i; idx = i;
return true; return true;
} }
if (unlikely (in_error))
return false;
assert (i <= out_len + (len - idx)); assert (i <= out_len + (len - idx));

2
src/hb-ot-layout-gsubgpos-private.hh
View File

@ -971,7 +971,7 @@ static inline bool apply_lookup (hb_apply_context_t *c,
match_positions[j] += delta; match_positions[j] += delta;
} }
for (unsigned int i = 0; i < lookupCount; i++) for (unsigned int i = 0; i < lookupCount && !buffer->in_error; i++)
{ {
unsigned int idx = lookupRecord[i].sequenceIndex; unsigned int idx = lookupRecord[i].sequenceIndex;
if (idx >= count) if (idx >= count)