harfbuzz

Commit Graph

Author	SHA1	Message	Date
jfkthame	44f7d6ecde	Guard against underflow when adjusting length (#421 ) * Guard against underflow when adjusting length With the fuzz-testcase in mozilla bug 1295299, we end up with a recursed lookup that removes 3 items, when `match_positions[idx]` is 0, which results in (unsigned) `end` wrapping to a huge value. Making `end` a signed int is probably the simplest route to a fix. Fixes https://bugzilla.mozilla.org/show_bug.cgi?id=1295299. * Add testcase for #421.	2017-02-16 19:03:24 -08:00

Author

SHA1

Message

Date

jfkthame

44f7d6ecde

Guard against underflow when adjusting length (#421 )

* Guard against underflow when adjusting length

With the fuzz-testcase in mozilla bug 1295299, we end up with a recursed lookup that removes 3 items, when `match_positions[idx]` is 0, which results in (unsigned) `end` wrapping to a huge value.

Making `end` a signed int is probably the simplest route to a fix.

Fixes https://bugzilla.mozilla.org/show_bug.cgi?id=1295299.

* Add testcase for #421.

2017-02-16 19:03:24 -08:00

1 Commits