Commit Graph

359 Commits

Author SHA1 Message Date
Behdad Esfahbod 6d7c6e19dc Fix two undefined-behavior issues
Fixes https://github.com/harfbuzz/harfbuzz/issues/761
Fixes https://github.com/harfbuzz/harfbuzz/issues/762
2018-02-07 14:09:56 -06:00
Behdad Esfahbod 12757b6929 Misc warning fixes
Fixes https://github.com/harfbuzz/harfbuzz/issues/712
2018-01-26 18:14:05 -08:00
Behdad Esfahbod fd03449094 Rename hb_apply_context_t to hb_ot_apply_context_t 2018-01-19 16:40:13 -08:00
Behdad Esfahbod 949f6af289 Disallow sanitize recursing into Extension subtables multiple times
Fixes https://oss-fuzz.com/v2/testcase-detail/5216838347653120
which is a stack overflow, not by way of infinite recursion, just
being deep.  That's disallowed anyway, so catch it as it happens,
not afterwards.
2018-01-15 20:44:10 -05:00
Behdad Esfahbod bcb6f1ae0a Whitespace 2018-01-15 20:34:05 -05:00
Behdad Esfahbod 6b19178ee3 Prefix int types with HB
Such a headache that Windows defines UINT8, ...; Just prefix it.
2018-01-10 03:07:30 +01:00
Behdad Esfahbod 71e6adf1e2 [collect_glyphs] handle ClassDef better 2017-12-16 11:07:37 -05:00
Behdad Esfahbod 5d02572034 [set] Add add_sorted_array()
Not optimized to use sortedness yet.  Also start putting in place infra
to faster reject bad data.

A version of Chandas.ttf found on some Chrome bots has 660kb of GPOS,
mostly junk.  That is causing 48 million set->add() calls in
collect_glyphs(), which is insane.

In the upcoming commits, I'll be speeding that up by optimizing
add_sorted_array(), while also reducing work by rejecting out-of-sort
arrays quickly and propagating the rejection.

Part of https://bugs.chromium.org/p/chromium/issues/detail?id=794896
2017-12-14 19:35:47 -08:00
ebraminio 7c6937e7c7 Move all references of old url to the new address (#622) 2017-11-20 14:49:22 -05:00
Behdad Esfahbod baf7779d2d Limit how much recursion GSUB/GPOS does
This only counts recursions right now.  Good start.

Hopefully...
Fixes https://github.com/behdad/harfbuzz/issues/429
2017-11-14 21:55:37 -08:00
Behdad Esfahbod 6f335ed1e5 Replace USHORT/SHORT/ULONG/etc with UINT16/INT16/UINT32/etc 2017-11-14 21:06:07 -08:00
Behdad Esfahbod a130ee6df5 Remove a couple of unused consts 2017-11-14 20:30:03 -08:00
Behdad Esfahbod e5930722d4 Fix invalid buffer access in OOM times
Hopefully fully fixes
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1856
2017-11-14 15:47:55 -08:00
Behdad Esfahbod 5aad819433 Simplify tracing code when tracing is disabled
Fixes https://github.com/behdad/harfbuzz/pull/605
2017-11-03 17:18:17 -04:00
Behdad Esfahbod 40ec3bbb55 Consolidate debug stuff into hb-debug.hh
Part of fixing https://github.com/behdad/harfbuzz/pull/605
2017-11-03 17:18:17 -04:00
Behdad Esfahbod 8b9d9b71b0 Fix set initialization issues 2017-10-22 17:48:06 -04:00
Behdad Esfahbod dbdbfe3d7b Use nullptr instead of NULL 2017-10-15 12:11:08 +02:00
Behdad Esfahbod 621c49cb86 Improve performance of ligature component matching
This O(N^2) was introduced in 8b2c94c43f.
Make it O(N).
2017-10-04 15:06:48 +02:00
Behdad Esfahbod c44657a05d Tweak input matching some more
Followup to 8b2c94c43f

Allow matching sequences of marks attached to different ligatures,
as supposedly the base of the subsequent marks were already jumped
over.
2017-10-03 13:14:17 +02:00
Behdad Esfahbod 8b2c94c43f Tweak ligature component matching for ligature formation
If two marks want to ligate and they belong to different components of the
same ligature glyph, and said ligature glyph is to be ignored according to
mark-filtering rules, then allow.

Example Burmese sequence:

  U+1004,U+103A,U+1039,U+101B,U+103D,U+102D

Test font provided by Norbert Lindenberg.

Fixes https://github.com/behdad/harfbuzz/issues/545
2017-10-02 20:03:35 +02:00
Behdad Esfahbod 40bd7e9a1c [unsafe-to-break] Add UNSAFE_TO_BREAK flag
Not all shapers code is updated to set this properly.
GSUB and Arabic shaper are updated.
GPOS and other shapers are NOT.

Fixes https://github.com/behdad/harfbuzz/issues/224
2017-08-10 15:02:28 -07:00
Behdad Esfahbod cdf1fd0627 [indic] Add infrastructure to disable ZWNJ-skipping in context-matching
Not used yet.
2017-07-14 12:43:34 +01:00
Khaled Hosny 06cfe3f736 Do not skip TAG characters in glyph substitution (#487)
Hide them like Mongolian Free Variation Selectors instead.

Fixes https://github.com/behdad/harfbuzz/issues/463
2017-05-17 11:32:47 -07:00
Chris Peterson aacca37590 Fix clang -Wcomma warnings (#471) (#472)
clang's new -Wcomma compiler option warns about possible misuse of the
comma operator such as between two statements.

hb-common.cc:190:9 [-Wcomma] possible misuse of comma operator here
hb-ot-layout-gsubgpos-private.hh:345:30 [-Wcomma] possible misuse of
comma operator here
hb-shape-plan.cc:438:26 [-Wcomma] possible misuse of comma operator here
2017-04-17 23:25:24 -07:00
Behdad Esfahbod 47e7a1800f Revert "Fix Context lookup application when moving back after a glyph delete"
This reverts commit b9b005f3a4.

This introduced invalid access cases. Revert until I fix correctly.
2017-03-10 13:23:02 -08:00
Behdad Esfahbod 9ac9af725c Add TODO item 2017-03-05 13:51:01 -08:00
Behdad Esfahbod b9b005f3a4 Fix Context lookup application when moving back after a glyph delete
This was broken forever, since days that we did not allow moving
tape backwards. Works now. Reported by Doug Felt.
2017-03-01 14:27:23 -08:00
jfkthame 44f7d6ecde Guard against underflow when adjusting length (#421)
* Guard against underflow when adjusting length

With the fuzz-testcase in mozilla bug 1295299, we end up with a recursed lookup that removes 3 items, when `match_positions[idx]` is 0, which results in (unsigned) `end` wrapping to a huge value.

Making `end` a signed int is probably the simplest route to a fix.

Fixes https://bugzilla.mozilla.org/show_bug.cgi?id=1295299.

* Add testcase for #421.
2017-02-16 19:03:24 -08:00
Behdad Esfahbod 5e156fa5ed Add LOffsetTo<> 2017-01-22 20:28:56 -08:00
Behdad Esfahbod 4b4a1b9f23 Fix assert fail with contextual matching
As discovered by libFuzzer / Chromium fuzzing.

Fixes https://bugs.chromium.org/p/chromium/issues/detail?id=659496
CC https://github.com/behdad/harfbuzz/issues/139
2016-12-21 23:14:16 -06:00
Behdad Esfahbod 4ebbeb7c50 [GX] Make FeatureVariations actually work
Yay!!!!
2016-12-16 19:06:26 -06:00
Behdad Esfahbod ec87ba9ba3 [GX] Add hb_ot_layout_feature_with_variations_get_lookups() 2016-12-16 19:06:26 -06:00
Behdad Esfahbod 30c42b644e [GX] Add hb_ot_layout_table_find_feature_variations() 2016-12-16 19:06:26 -06:00
Behdad Esfahbod 59055b5494 [GX] Implement Feature Variations
Not hooked up to shaper yet.
2016-12-16 19:06:26 -06:00
Behdad Esfahbod cf3de4d8f7 [GX] Rename VarStore to VariationStore 2016-12-16 19:06:26 -06:00
Behdad Esfahbod 151d93de8a [GX] Hook up GPOS to Variation Store stored in GDEF
Untested.
2016-12-16 19:06:26 -06:00
Behdad Esfahbod 359dead960 Allow MultipleSubst to delete glyph
Fixes https://github.com/behdad/harfbuzz/issues/253

Hopefully we got the logic right.
2016-05-06 16:19:19 +01:00
Behdad Esfahbod b20305022a Do NOT ignore Mongolian Free Variation Selectors during matching
Fixes https://github.com/behdad/harfbuzz/issues/234
2016-04-26 16:41:17 -07:00
Behdad Esfahbod 9a13ed453e Make FixedVersion a template 2016-02-22 15:38:44 +09:00
Behdad Esfahbod b87e36f6f1 Avoid buffer->move_to() in case of buffer error
Fixes https://github.com/behdad/harfbuzz/issues/223

Right now we cannot test this because it has to be tested using hb-fuzzer.
We should move all fuzzing tests from test/shaping/tests/fuzzed.tests to
test/fuzzing/ and have its own test runner.  At that point, should add
test from this issue as well.
2016-02-19 14:52:31 +07:00
Behdad Esfahbod 100fbeaf19 Fix ligature component of a mark happening after a ligature within a ligature!
Say, if we are ligating "A B_C m D", then previously 'm' was being
attached to 'B' in the combined A_B_C_D ligature.  Now we attach it
to 'C'.  No test for this though :(.
2015-12-17 15:23:09 +00:00
Behdad Esfahbod 2f02fc79a5 Improve ligature-component handling
We use three bits for lig_id these days, so we finally got a report of
two separate ligatures with the same lig_id happening adjacent to each
other, and then the component-handling code was breaking things.
Protect against that by ignoring same-lig-id but lig-comp=0 glyphs after
a new ligature.

Fixes https://github.com/behdad/harfbuzz/issues/198
2015-12-17 15:21:14 +00:00
Behdad Esfahbod 9cc1ed4fa6 Do not allow recursing to same position and same lookup
This is just to make it harder to be extremely slow.  There definitely
are ways still, just harder.  Oh well... how do we tame this problem
without solving halting problem?!

Fixes https://github.com/behdad/harfbuzz/issues/174
2015-11-19 12:39:09 -08:00
Behdad Esfahbod 37b40cd8a1 Fix another move_to assertion failure
If buf->idx is at end, don't set end past it...

Fixes https://github.com/behdad/harfbuzz/issues/173
2015-11-18 23:04:45 -08:00
Behdad Esfahbod abadc1717d Try to better handle OOM situations
Fixes assert fail in https://github.com/behdad/harfbuzz/issues/161
with libharfbuzz-fuzzing.
2015-11-18 17:52:08 -08:00
Behdad Esfahbod cc5d3a3388 Towards using top-byte of unicode-props for more things 2015-11-04 13:22:33 -08:00
Behdad Esfahbod 8259669fbd Minor 2015-11-02 17:44:05 -08:00
Behdad Esfahbod 5ba450407b Make max context-length and max nesting level configurable
...at compile time.
2015-11-02 15:43:39 -08:00
Behdad Esfahbod 4a6b1eedbb Fix one more -Wshadow warning
https://bugzilla.mozilla.org/show_bug.cgi?id=1215894
2015-10-21 11:20:55 -02:00
Behdad Esfahbod f396fbb000 Fix return value of sanitize when subformat is not readable
This is a fix on top of the previous issue fixed in
c917965b9e.

This was caught by "libFuzzer" testing.
2015-10-09 12:25:55 -04:00