File harfbuzz-crash.diff of Package libqt4.import5628
commit 9ae6f2f9a57f0c3096d5785913e437953fa6775c
Author: Jiang Jiang <jiang.jiang@nokia.com>
Date: Mon Jul 18 08:49:32 2011 +0200
Check for buffer overflow in Lookup_MarkMarkPos
This may cause a crash in this function with certain fonts.
Task-number: QTBUG-17238
Done-by: Alberto Garcia <agarcia@igalia.com>
Reviewed-by: Jiang Jiang
--- src/3rdparty/harfbuzz/src/harfbuzz-gpos.c
+++ src/3rdparty/harfbuzz/src/harfbuzz-gpos.c
@@ -3012,6 +3012,9 @@ static HB_Error Lookup_MarkMarkPos( GPOS_Instance* gpi,
j--;
}
+ if ( i > buffer->in_pos )
+ return HB_Err_Not_Covered;
+
error = _HB_OPEN_Coverage_Index( &mmp->Mark2Coverage, IN_GLYPH( j ),
&mark2_index );
if ( error )
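Review bot: The added guard `if ( i > buffer->in_pos )` has no comment saying why it is needed, and it tests `i` while the access it protects, `IN_GLYPH( j )` on the next line, is indexed by `j`. The loop that moves `i` and `j` together begins above the hunk, so the link is inferred here: presumably the backward scan can run past the first input glyph, leaving `j` outside the buffer when the loop exits. I would add a comment above the check such as `/* scan ran past the start of the input: no preceding mark found, and IN_GLYPH( j ) would read out of bounds */`. Because the trigger is font data, which is untrusted input for a text shaper, a regression case for QTBUG-17238 would help keep this bounds check from being dropped in a later cleanup.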