From 79a6c258497e80be15245a7b576e34443d9f7bff Mon Sep 17 00:00:00 2001
From: Qunxin Liu
Date: Mon, 25 Mar 2019 19:59:37 -0700
Subject: [PATCH 1/7] try to remove deprecated variable from struct definition
---
 src/hb-subset-plan.cc | 9 +++++----
 src/hb-subset-plan.hh | 2 +-
 2 files changed, 6 insertions(+), 5 deletions(-)
diff --git a/src/hb-subset-plan.cc b/src/hb-subset-plan.cc
index 49ab9e133..a001ebc1e 100644
--- a/src/hb-subset-plan.cc
+++ b/src/hb-subset-plan.cc
@@ -207,23 +207,24 @@ hb_subset_plan_create (hb_face_t *face,
 plan->drop_layout = input->drop_layout;
 plan->desubroutinize = input->desubroutinize;
 plan->unicodes = hb_set_create();
- plan->glyphs_deprecated.init();
+ //plan->glyphs_deprecated.init();
 plan->source = hb_face_reference (face);
 plan->dest = hb_face_builder_create ();
 plan->codepoint_to_glyph = hb_map_create();
 plan->glyph_map = hb_map_create();
 plan->reverse_glyph_map = hb_map_create();
+ hb_vector_t glyphs;
 plan->_glyphset = _populate_gids_to_retain (face,
 input->unicodes,
 input->glyphs,
 !plan->drop_layout,
 plan->unicodes,
 plan->codepoint_to_glyph,
- &plan->glyphs_deprecated);
+ &glyphs);
 _create_old_gid_to_new_gid_map (face,
 input->retain_gids,
- plan->glyphs_deprecated,
+ glyphs,
 plan->glyph_map,
 plan->reverse_glyph_map,
 &plan->_num_output_glyphs);
@@ -242,7 +243,7 @@ hb_subset_plan_destroy (hb_subset_plan_t *plan)
 if (!hb_object_destroy (plan)) return;
 hb_set_destroy (plan->unicodes);
- plan->glyphs_deprecated.fini ();
+ //plan->glyphs_deprecated.fini ();
 hb_face_destroy (plan->source);
 hb_face_destroy (plan->dest);
 hb_map_destroy (plan->codepoint_to_glyph);
diff --git a/src/hb-subset-plan.hh b/src/hb-subset-plan.hh
index 32c19999d..650a40b01 100644
--- a/src/hb-subset-plan.hh
+++ b/src/hb-subset-plan.hh
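Review bot: The local `hb_vector_t glyphs;` added in hb_subset_plan_create is filled by _populate_gids_to_retain and read by _create_old_gid_to_new_gid_map but is never `fini ()`'d in this hunk, whereas the member it replaces was explicitly `init ()`'d here and `fini ()`'d in hb_subset_plan_destroy; unless hb_vector_t frees its storage in a destructor at this revision (not visible in the hunk), the pushed glyph array leaks on every plan creation. If a destructor is not guaranteed, add `glyphs.fini ();` right after the _create_old_gid_to_new_gid_map call. This only matters for the intermediate state: PATCH 2/7 of this series removes the local again and PATCH 3/7 deletes the `//plan->glyphs_deprecated` comment lines, so squashing the three commits would avoid shipping a state that both comments code out and leaks. hb_subset_plan_create continues outside the hunk.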
@@ -54,7 +54,7 @@ struct hb_subset_plan_t
 hb_map_t *reverse_glyph_map;
 // Deprecated members:
- hb_vector_t glyphs_deprecated;
+ //hb_vector_t glyphs_deprecated;
 // Plan is only good for a specific source/dest so keep them with it
 hb_face_t *source;
From 3147133b6173487c26813a2a406aebd067b53fbf Mon Sep 17 00:00:00 2001
From: Qunxin Liu
Date: Tue, 26 Mar 2019 09:15:56 -0700
Subject: [PATCH 2/7] update arguments in_populate_gids_to_retain() and _create_old_gid_to_new_gid_map() so they don't use deprecated variable
---
 src/hb-subset-plan.cc | 36 ++++++++++++++++++------------------
 1 file changed, 18 insertions(+), 18 deletions(-)
diff --git a/src/hb-subset-plan.cc b/src/hb-subset-plan.cc
index a001ebc1e..3857c2c8c 100644
--- a/src/hb-subset-plan.cc
+++ b/src/hb-subset-plan.cc
@@ -99,8 +99,7 @@ _populate_gids_to_retain (hb_face_t *face,
 const hb_set_t *input_glyphs_to_retain,
 bool close_over_gsub,
 hb_set_t *unicodes_to_retain,
- hb_map_t *codepoint_to_glyph,
- hb_vector_t *glyphs)
+ hb_map_t *codepoint_to_glyph)
 {
 OT::cmap::accelerator_t cmap;
 OT::glyf::accelerator_t glyf;
@@ -145,10 +144,10 @@ _populate_gids_to_retain (hb_face_t *face,
 _remove_invalid_gids (all_gids_to_retain, face->get_num_glyphs ());
- glyphs->alloc (all_gids_to_retain->get_population ());
- gid = HB_SET_VALUE_INVALID;
- while (all_gids_to_retain->next (&gid))
- glyphs->push (gid);
+ //glyphs->alloc (all_gids_to_retain->get_population ());
+ //gid = HB_SET_VALUE_INVALID;
+ //while (all_gids_to_retain->next (&gid))
+ //glyphs->push (gid);
 cff.fini ();
 glyf.fini ();
@@ -160,26 +159,29 @@ _populate_gids_to_retain (hb_face_t *face,
 static void
 _create_old_gid_to_new_gid_map (const hb_face_t *face,
 bool retain_gids,
- const hb_vector_t &glyphs,
+ hb_set_t *all_gids_to_retain,
 hb_map_t *glyph_map, /* OUT */
 hb_map_t *reverse_glyph_map, /* OUT */
 unsigned int *num_glyphs /* OUT */)
 {
- for (unsigned int i = 0; i < glyphs.length; i++) {
+ hb_codepoint_t gid = HB_SET_VALUE_INVALID;
+ unsigned int length = 0;
+ for (unsigned int i = 0; all_gids_to_retain->next (&gid); i++) {
 if (!retain_gids)
 {
- glyph_map->set (glyphs[i], i);
- reverse_glyph_map->set (i, glyphs[i]);
+ glyph_map->set (gid, i);
+ reverse_glyph_map->set (i, gid);
 }
 else
 {
- glyph_map->set (glyphs[i], glyphs[i]);
- reverse_glyph_map->set (glyphs[i], glyphs[i]);
+ glyph_map->set (gid, gid);
+ reverse_glyph_map->set (gid, gid);
 }
+ ++length;
 }
- if (!retain_gids || glyphs.length == 0)
+ if (!retain_gids || length == 0)
 {
- *num_glyphs = glyphs.length;
+ *num_glyphs = length;
 }
 else
 {
@@ -213,18 +215,16 @@ hb_subset_plan_create (hb_face_t *face,
 plan->codepoint_to_glyph = hb_map_create();
 plan->glyph_map = hb_map_create();
 plan->reverse_glyph_map = hb_map_create();
- hb_vector_t glyphs;
 plan->_glyphset = _populate_gids_to_retain (face,
 input->unicodes,
 input->glyphs,
 !plan->drop_layout,
 plan->unicodes,
- plan->codepoint_to_glyph,
- &glyphs);
+ plan->codepoint_to_glyph);
 _create_old_gid_to_new_gid_map (face,
 input->retain_gids,
- glyphs,
+ plan->_glyphset,
 plan->glyph_map,
 plan->reverse_glyph_map,
 &plan->_num_output_glyphs);
From 2d9034491eca0a63db82d3801f05c067a5241b7d Mon Sep 17 00:00:00 2001
From: Qunxin Liu
Date: Tue, 26 Mar 2019 10:37:24 -0700
Subject: [PATCH 3/7] completely remove lines that are commented out
---
 src/hb-subset-plan.cc | 6 ------
 src/hb-subset-plan.hh | 3 ---
 2 files changed, 9 deletions(-)
diff --git a/src/hb-subset-plan.cc b/src/hb-subset-plan.cc
index 3857c2c8c..8b7231494 100644
--- a/src/hb-subset-plan.cc
+++ b/src/hb-subset-plan.cc
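Review bot: In _create_old_gid_to_new_gid_map the new `length` counter duplicates information the set already provides: the loop index `i` ends equal to it, and `all_gids_to_retain->get_population ()` (the call the previous hunk removed) yields the same value without a manual `++length;` per iteration, so `unsigned int length = all_gids_to_retain->get_population ();` before the loop lets the `++length;` line go. The new parameter should also be `const hb_set_t *all_gids_to_retain,` since the body only calls `next ()` on it; that keeps the read-only contract the removed `const hb_vector_t &glyphs` expressed, and the caller in the second hunk can still pass `plan->_glyphset`. The `else` branch that sets `*num_glyphs` in the retain_gids case lies outside the hunk, so it is not visible whether it still referenced the removed `glyphs`; presumably it did not, or the file would not build.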
@@ -144,10 +144,6 @@ _populate_gids_to_retain (hb_face_t *face,
 _remove_invalid_gids (all_gids_to_retain, face->get_num_glyphs ());
- //glyphs->alloc (all_gids_to_retain->get_population ());
- //gid = HB_SET_VALUE_INVALID;
- //while (all_gids_to_retain->next (&gid))
- //glyphs->push (gid);
 cff.fini ();
 glyf.fini ();
@@ -209,7 +205,6 @@ hb_subset_plan_create (hb_face_t *face,
 plan->drop_layout = input->drop_layout;
 plan->desubroutinize = input->desubroutinize;
 plan->unicodes = hb_set_create();
- //plan->glyphs_deprecated.init();
 plan->source = hb_face_reference (face);
 plan->dest = hb_face_builder_create ();
 plan->codepoint_to_glyph = hb_map_create();
@@ -243,7 +238,6 @@ hb_subset_plan_destroy (hb_subset_plan_t *plan)
 if (!hb_object_destroy (plan)) return;
 hb_set_destroy (plan->unicodes);
- //plan->glyphs_deprecated.fini ();
 hb_face_destroy (plan->source);
 hb_face_destroy (plan->dest);
 hb_map_destroy (plan->codepoint_to_glyph);
diff --git a/src/hb-subset-plan.hh b/src/hb-subset-plan.hh
index 650a40b01..56726d4d0 100644
--- a/src/hb-subset-plan.hh
+++ b/src/hb-subset-plan.hh
@@ -53,9 +53,6 @@ struct hb_subset_plan_t
 hb_map_t *glyph_map;
 hb_map_t *reverse_glyph_map;
- // Deprecated members:
- //hb_vector_t glyphs_deprecated;
-
 // Plan is only good for a specific source/dest so keep them with it
 hb_face_t *source;
 hb_face_t *dest;
From 0dd3fdf9d227f9bd79f395078f8e58dcfc32d1bf Mon Sep 17 00:00:00 2001
From: Behdad Esfahbod
Date: Mon, 25 Mar 2019 15:08:14 -0700
Subject: [PATCH 4/7] Update ChangeLog generation
Let's see if I can make a release on Mac...
---
 Makefile.am | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Makefile.am b/Makefile.am
index eb46ceaa0..f9f6e3630 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -36,7 +36,7 @@ ChangeLog: $(srcdir)/ChangeLog
 $(srcdir)/ChangeLog:
 $(AM_V_GEN) if test -d "$(top_srcdir)/.git"; then \
 (GIT_DIR=$(top_srcdir)/.git \
- $(GIT) log $(CHANGELOG_RANGE) --stat) | fmt --split-only > $@.tmp \
+ $(GIT) log $(CHANGELOG_RANGE) --stat) > $@.tmp \
 && mv -f $@.tmp "$(srcdir)/ChangeLog" \
 || ($(RM) $@.tmp; \
 echo Failed to generate ChangeLog, your ChangeLog may be outdated >&2; \
From e5dfffb1ef610a982ed9878fbf3f9ee49cbc3a97 Mon Sep 17 00:00:00 2001
From: Behdad Esfahbod
Date: Mon, 25 Mar 2019 15:15:37 -0700
Subject: [PATCH 5/7] [docs] Update
---
 docs/harfbuzz-docs.xml | 1 +
 1 file changed, 1 insertion(+)
diff --git a/docs/harfbuzz-docs.xml b/docs/harfbuzz-docs.xml
index 27353389d..0c462f38a 100644
--- a/docs/harfbuzz-docs.xml
+++ b/docs/harfbuzz-docs.xml
@@ -136,6 +136,7 @@
 API Index
 Index of deprecated API
+ Index of new symbols in 2.2.0
 Index of new symbols in 2.1.0
 Index of new symbols in 2.0.0
 Index of new symbols in 1.9.0
From 96f12377942dbe1c6b1d0ffa7d626d99cb265443 Mon Sep 17 00:00:00 2001
From: Behdad Esfahbod
Date: Tue, 26 Mar 2019 16:17:45 -0700
Subject: [PATCH 6/7] [aat] Add missing check to ankr table
Isn't absolutely needed. But helps.
---
 src/hb-aat-layout-ankr-table.hh | 1 +
 1 file changed, 1 insertion(+)
diff --git a/src/hb-aat-layout-ankr-table.hh b/src/hb-aat-layout-ankr-table.hh
index 236e4aaf1..4087b8c1f 100644
--- a/src/hb-aat-layout-ankr-table.hh
+++ b/src/hb-aat-layout-ankr-table.hh
@@ -76,6 +76,7 @@ struct ankr
 TRACE_SANITIZE (this);
 return_trace (likely (c->check_struct (this) &&
 version == 0 &&
+ c->check_range (this, anchorData) &&
 lookupTable.sanitize (c, this, &(this+anchorData))));
 }
From ec2a5dc859b03ceb92518aa992e4e9c053b30534 Mon Sep 17 00:00:00 2001
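Review bot: The added `c->check_range (this, anchorData) &&` in ankr::sanitize carries no comment saying what it guards, and the reason is not obvious from the expression alone: it verifies that the anchorData offset lands inside the blob before `&(this+anchorData)` is handed to lookupTable.sanitize on the next line as the base against which anchor offsets are resolved. A short comment above the new line, such as `/* anchorData must itself lie inside the blob: it is the base every anchor offset is resolved against. */`, would keep that intent through the next refactor, since the commit message's "Isn't absolutely needed" will not travel with the code. Note that the check only establishes where the anchor data starts; bounds of the individual anchor records reached through the lookup presumably rely on checks elsewhere, which this hunk does not show. ankr::sanitize begins before the hunk.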
From: Behdad Esfahbod
Date: Tue, 26 Mar 2019 16:18:03 -0700
Subject: [PATCH 7/7] Use class templates for Null objects
This allows partial-instantiating custom Null object for template Lookup. Before, this had to be handcoded per instantiation. Apparently I missed adding one for AAT::ankr.lookupTable, so it was getting the wrong (generic) null for Lookup object, which is wrong and unsafe.
Fixes https://bugs.chromium.org/p/chromium/issues/detail?id=944346
---
 src/hb-aat-layout-common.hh | 14 +++-----
 src/hb-null.hh | 31 +++++++++++-------
 ...minimized-harfbuzz_fuzzer-5748102301614080 | Bin 0 -> 213 bytes
 3 files changed, 24 insertions(+), 21 deletions(-)
 create mode 100644 test/fuzzing/fonts/clusterfuzz-testcase-minimized-harfbuzz_fuzzer-5748102301614080
diff --git a/src/hb-aat-layout-common.hh b/src/hb-aat-layout-common.hh
index 27ade28fe..2508276c2 100644
--- a/src/hb-aat-layout-common.hh
+++ b/src/hb-aat-layout-common.hh
@@ -418,15 +418,11 @@ struct Lookup
 } /* Close namespace. */
 /* Ugly hand-coded null objects for template Lookup<> :(. */
 extern HB_INTERNAL const unsigned char _hb_Null_AAT_Lookup[2];
-template <>
-/*static*/ inline const AAT::Lookup& Null > ()
-{ return *reinterpret_cast *> (_hb_Null_AAT_Lookup); }
-template <>
-/*static*/ inline const AAT::Lookup& Null > ()
-{ return *reinterpret_cast *> (_hb_Null_AAT_Lookup); }
-template <>
-/*static*/ inline const AAT::Lookup >& Null > > ()
-{ return *reinterpret_cast > *> (_hb_Null_AAT_Lookup); }
+template
+struct Null > {
+ static AAT::Lookup const & get_null ()
+ { return *reinterpret_cast *> (_hb_Null_AAT_Lookup); }
+};
 namespace AAT {
 enum { DELETED_GLYPH = 0xFFFF };
diff --git a/src/hb-null.hh b/src/hb-null.hh
index 204c2fefd..baddd99b5 100644
--- a/src/hb-null.hh
+++ b/src/hb-null.hh
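Review bot: The new partial specialization of Null for AAT::Lookup serves every instantiation of the template from the same two-byte `_hb_Null_AAT_Lookup`, including instantiations whose full object is larger than two bytes, so the surrounding code must guarantee that every accessor invoked on a null Lookup stops after reading the leading format field; that was implicitly true for the three hand-written specializations being removed, but it is now a generic invariant and deserves to be written down. I would replace `/* Ugly hand-coded null objects for template Lookup<> :(. */` with a comment stating it, e.g. `/* Shared null for every Lookup<T>: two bytes holding a format that makes each Lookup accessor bail out before touching any T-sized field. */`, checking the wording against the definition of `_hb_Null_AAT_Lookup`, which lives elsewhere and is not visible here. If Lookup exposes a min_size constant like HarfBuzz's other union-style types, a `static_assert` next to the extern declaration that it equals 2 would turn that comment into a compile-time check. The template parameter lists are stripped in this rendering of the hunk, so the exact form of the specialization cannot be verified from the page.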
@@ -105,15 +105,18 @@ hb_vector_size_impl_t const _hb_NullPool[(HB_NULL_POOL_SIZE + sizeof (hb_vector_
 /* Generic nul-content Null objects. */
 template
-static inline Type const & Null () {
- static_assert (hb_null_size (Type) <= HB_NULL_POOL_SIZE, "Increase HB_NULL_POOL_SIZE.");
- return *reinterpret_cast (_hb_NullPool);
-}
+struct Null {
+ static Type const & get_null ()
+ {
+ static_assert (hb_null_size (Type) <= HB_NULL_POOL_SIZE, "Increase HB_NULL_POOL_SIZE.");
+ return *reinterpret_cast (_hb_NullPool);
+ }
+};
 template
 struct NullHelper
 {
 typedef typename hb_remove_const (typename hb_remove_reference (QType)) Type;
- static const Type & get_null () { return Null (); }
+ static const Type & get_null () { return Null::get_null (); }
 };
 #define Null(Type) NullHelper::get_null ()
@@ -122,9 +125,11 @@ struct NullHelper
 } /* Close namespace. */ \
 extern HB_INTERNAL const unsigned char _hb_Null_##Namespace##_##Type[Namespace::Type::null_size]; \
 template <> \
- /*static*/ inline const Namespace::Type& Null () { \
- return *reinterpret_cast (_hb_Null_##Namespace##_##Type); \
- } \
+ struct Null { \
+ static Namespace::Type const & get_null () { \
+ return *reinterpret_cast (_hb_Null_##Namespace##_##Type); \
+ } \
+ }; \
 namespace Namespace { \
 static_assert (true, "Just so we take semicolon after.")
 #define DEFINE_NULL_NAMESPACE_BYTES(Namespace, Type) \
@@ -134,10 +139,12 @@ struct NullHelper
 #define DECLARE_NULL_INSTANCE(Type) \
 extern HB_INTERNAL const Type _hb_Null_##Type; \
 template <> \
- /*static*/ inline const Type& Null () { \
- return _hb_Null_##Type; \
- } \
-static_assert (true, "Just so we take semicolon after.")
+ struct Null { \
+ static Type const & get_null () { \
+ return _hb_Null_##Type; \
+ } \
+ }; \
+ static_assert (true, "Just so we take semicolon after.")
 #define DEFINE_NULL_INSTANCE(Type) \
 const Type _hb_Null_##Type
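Review bot: The `/* Generic nul-content Null objects. */` comment above the new `struct Null` primary template does not say why this is now a class template rather than the function it replaces; the commit message explains it (partial specialization for template types such as Lookup), but that reasoning should live in the header next to the code. Suggest extending the comment to `/* Generic nul-content Null objects.  Null is a class template (not a function) so that custom nulls can be supplied by full or partial specialization; a Type with no visible specialization silently falls back to the nul-content _hb_NullPool. */`, because that silent fallback is exactly the failure mode the commit describes for AAT::ankr.lookupTable and the next person adding a type with non-trivial null semantics needs to know it. The same applies to the `struct Null` specializations that DECLARE_NULL_NAMESPACE_BYTES and DECLARE_NULL_INSTANCE now emit in the two following hunks, which could carry a one-line pointer to this comment. The `static_assert` on hb_null_size moving into get_null keeps it evaluated per instantiation, so no behavior change there.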
diff --git a/test/fuzzing/fonts/clusterfuzz-testcase-minimized-harfbuzz_fuzzer-5748102301614080 b/test/fuzzing/fonts/clusterfuzz-testcase-minimized-harfbuzz_fuzzer-5748102301614080 new file mode 100644 index 0000000000000000000000000000000000000000..4cb979d94c68e86cea724b45678f4468e0a02589 GIT binary patch literal 213 zcmZQzWME)mVF+NbWH3(5%Py)1a)H2sf$<-6c4|>YBm-LkkZ+TosH2seSW&>>#1aKo z!63%U3}JvwNMy(an!*OeAk&aQ3Y^^lWH~T0GQf-l@qxzL7BK7uvOwU!1JGUumVXQk dy+9tsSdeiLV?iqL0Tzb$CmFsnGVmxc002Be7w-T7 literal 0 HcmV?d00001