Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Maintenance:5475
harfbuzz.openSUSE_13.2_Update
harfbuzz-limit-buffer-max-size-growth.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File harfbuzz-limit-buffer-max-size-growth.patch of Package harfbuzz.openSUSE_13.2_Update
From 4301703bddb63a01651a0d58474bb15ac0ebbcf6 Mon Sep 17 00:00:00 2001 From: Behdad Esfahbod <behdad@behdad.org> Date: Thu, 5 Nov 2015 23:44:59 -0800 Subject: [PATCH] Limit buffer max size growth https://github.com/behdad/harfbuzz/issues/161 Backported by Mike Gorse <mgorse@suse.com> --- diff -urp harfbuzz-0.9.35.orig/src/hb-buffer.cc harfbuzz-0.9.35/src/hb-buffer.cc --- harfbuzz-0.9.35.orig/src/hb-buffer.cc 2014-08-11 17:34:15.105229654 -0500 +++ harfbuzz-0.9.35/src/hb-buffer.cc 2016-08-02 14:44:13.724821131 -0500 @@ -86,6 +86,12 @@ hb_buffer_t::enlarge (unsigned int size) if (unlikely (in_error)) return false; + if (unlikely (size > max_len)) + { + in_error = true; + return false; + } + unsigned int new_allocated = allocated; hb_glyph_position_t *new_pos = NULL; hb_glyph_info_t *new_info = NULL; @@ -681,6 +687,8 @@ hb_buffer_create (void) if (!(buffer = hb_object_create<hb_buffer_t> ())) return hb_buffer_get_empty (); + buffer->max_len = HB_BUFFER_MAX_LEN_DEFAULT; + buffer->reset (); return buffer; @@ -705,6 +713,8 @@ hb_buffer_get_empty (void) HB_BUFFER_FLAG_DEFAULT, HB_BUFFER_REPLACEMENT_CODEPOINT_DEFAULT, + HB_BUFFER_MAX_LEN_DEFAULT, + HB_BUFFER_CONTENT_TYPE_INVALID, HB_SEGMENT_PROPERTIES_DEFAULT, true, /* in_error */ diff -urp harfbuzz-0.9.35.orig/src/hb-buffer-private.hh harfbuzz-0.9.35/src/hb-buffer-private.hh --- harfbuzz-0.9.35.orig/src/hb-buffer-private.hh 2014-08-11 17:33:30.113597808 -0500 +++ harfbuzz-0.9.35/src/hb-buffer-private.hh 2016-08-02 14:45:34.040819940 -0500 @@ -34,6 +34,15 @@ #include "hb-object-private.hh" #include "hb-unicode-private.hh" +#ifndef HB_BUFFER_MAX_EXPANSION_FACTOR +#define HB_BUFFER_MAX_EXPANSION_FACTOR 32 +#endif +#ifndef HB_BUFFER_MAX_LEN_MIN +#define HB_BUFFER_MAX_LEN_MIN 8192 +#endif +#ifndef HB_BUFFER_MAX_LEN_DEFAULT_ +#define HB_BUFFER_MAX_LEN_DEFAULT 0x3FFFFFFF /* Shaping more than a billion chars? Let us know! */ +#endif ASSERT_STATIC (sizeof (hb_glyph_info_t) == 20); ASSERT_STATIC (sizeof (hb_glyph_info_t) == sizeof (hb_glyph_position_t)); @@ -52,6 +61,8 @@ struct hb_buffer_t { hb_buffer_flags_t flags; /* BOT / EOT / etc. */ hb_codepoint_t replacement; /* U+FFFD or something else. */ + unsigned int max_len; /* Maximum allowed len. */ + /* Buffer contents */ hb_buffer_content_type_t content_type; hb_segment_properties_t props; /* Script, language, direction */ diff -urp harfbuzz-0.9.35.orig/src/hb-ot-shape.cc harfbuzz-0.9.35/src/hb-ot-shape.cc --- harfbuzz-0.9.35.orig/src/hb-ot-shape.cc 2014-08-02 16:17:48.359335674 -0500 +++ harfbuzz-0.9.35/src/hb-ot-shape.cc 2016-08-02 15:12:37.892795862 -0500 @@ -696,6 +696,12 @@ hb_ot_shape_internal (hb_ot_shape_contex { c->buffer->deallocate_var_all (); + if (likely (!_hb_unsigned_int_mul_overflows (c->buffer->len, HB_BUFFER_MAX_EXPANSION_FACTOR))) + { + c->buffer->max_len = MAX (c->buffer->len * HB_BUFFER_MAX_EXPANSION_FACTOR, + (unsigned) HB_BUFFER_MAX_LEN_MIN); + } + /* Save the original direction, we use it later. */ c->target_direction = c->buffer->props.direction; @@ -718,6 +724,7 @@ hb_ot_shape_internal (hb_ot_shape_contex c->buffer->props.direction = c->target_direction; + c->buffer->max_len = HB_BUFFER_MAX_LEN_DEFAULT; c->buffer->deallocate_var_all (); }
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor