File harfbuzz-limit-buffer-max-size-growth.patch of Package harfbuzz.openSUSE_13.2_Update

Overview Repositories Revisions Requests Users Attributes Meta

File harfbuzz-limit-buffer-max-size-growth.patch of Package harfbuzz.openSUSE_13.2_Update

From 4301703bddb63a01651a0d58474bb15ac0ebbcf6 Mon Sep 17 00:00:00 2001
From: Behdad Esfahbod <behdad@behdad.org>
Date: Thu, 5 Nov 2015 23:44:59 -0800
Subject: [PATCH] Limit buffer max size growth

https://github.com/behdad/harfbuzz/issues/161

Backported by Mike Gorse <mgorse@suse.com>
---
diff -urp harfbuzz-0.9.35.orig/src/hb-buffer.cc harfbuzz-0.9.35/src/hb-buffer.cc
--- harfbuzz-0.9.35.orig/src/hb-buffer.cc	2014-08-11 17:34:15.105229654 -0500
+++ harfbuzz-0.9.35/src/hb-buffer.cc	2016-08-02 14:44:13.724821131 -0500
@@ -86,6 +86,12 @@ hb_buffer_t::enlarge (unsigned int size)
   if (unlikely (in_error))
     return false;
 
+  if (unlikely (size > max_len))
+  {
+    in_error = true;
+    return false;
+  }
+
   unsigned int new_allocated = allocated;
   hb_glyph_position_t *new_pos = NULL;
   hb_glyph_info_t *new_info = NULL;
@@ -681,6 +687,8 @@ hb_buffer_create (void)
   if (!(buffer = hb_object_create<hb_buffer_t> ()))
     return hb_buffer_get_empty ();
 
+  buffer->max_len = HB_BUFFER_MAX_LEN_DEFAULT;
+
   buffer->reset ();
 
   return buffer;
@@ -705,6 +713,8 @@ hb_buffer_get_empty (void)
     HB_BUFFER_FLAG_DEFAULT,
     HB_BUFFER_REPLACEMENT_CODEPOINT_DEFAULT,
 
+    HB_BUFFER_MAX_LEN_DEFAULT,
+
     HB_BUFFER_CONTENT_TYPE_INVALID,
     HB_SEGMENT_PROPERTIES_DEFAULT,
     true, /* in_error */
diff -urp harfbuzz-0.9.35.orig/src/hb-buffer-private.hh harfbuzz-0.9.35/src/hb-buffer-private.hh
--- harfbuzz-0.9.35.orig/src/hb-buffer-private.hh	2014-08-11 17:33:30.113597808 -0500
+++ harfbuzz-0.9.35/src/hb-buffer-private.hh	2016-08-02 14:45:34.040819940 -0500
@@ -34,6 +34,15 @@
 #include "hb-object-private.hh"
 #include "hb-unicode-private.hh"
 
+#ifndef HB_BUFFER_MAX_EXPANSION_FACTOR
+#define HB_BUFFER_MAX_EXPANSION_FACTOR 32
+#endif
+#ifndef HB_BUFFER_MAX_LEN_MIN
+#define HB_BUFFER_MAX_LEN_MIN 8192
+#endif
+#ifndef HB_BUFFER_MAX_LEN_DEFAULT_
+#define HB_BUFFER_MAX_LEN_DEFAULT 0x3FFFFFFF /* Shaping more than a billion chars? Let us know! */
+#endif
 
 ASSERT_STATIC (sizeof (hb_glyph_info_t) == 20);
 ASSERT_STATIC (sizeof (hb_glyph_info_t) == sizeof (hb_glyph_position_t));
@@ -52,6 +61,8 @@ struct hb_buffer_t {
   hb_buffer_flags_t flags; /* BOT / EOT / etc. */
   hb_codepoint_t replacement; /* U+FFFD or something else. */
 
+  unsigned int max_len; /* Maximum allowed len. */
+
   /* Buffer contents */
   hb_buffer_content_type_t content_type;
   hb_segment_properties_t props; /* Script, language, direction */
diff -urp harfbuzz-0.9.35.orig/src/hb-ot-shape.cc harfbuzz-0.9.35/src/hb-ot-shape.cc
--- harfbuzz-0.9.35.orig/src/hb-ot-shape.cc	2014-08-02 16:17:48.359335674 -0500
+++ harfbuzz-0.9.35/src/hb-ot-shape.cc	2016-08-02 15:12:37.892795862 -0500
@@ -696,6 +696,12 @@ hb_ot_shape_internal (hb_ot_shape_contex
 {
   c->buffer->deallocate_var_all ();
 
+  if (likely (!_hb_unsigned_int_mul_overflows (c->buffer->len, HB_BUFFER_MAX_EXPANSION_FACTOR)))
+  {
+    c->buffer->max_len = MAX (c->buffer->len * HB_BUFFER_MAX_EXPANSION_FACTOR,
+			      (unsigned) HB_BUFFER_MAX_LEN_MIN);
+ }
+
   /* Save the original direction, we use it later. */
   c->target_direction = c->buffer->props.direction;
 
@@ -718,6 +724,7 @@ hb_ot_shape_internal (hb_ot_shape_contex
 
   c->buffer->props.direction = c->target_direction;
 
+  c->buffer->max_len = HB_BUFFER_MAX_LEN_DEFAULT;
   c->buffer->deallocate_var_all ();
 }

Places

File harfbuzz-limit-buffer-max-size-growth.patch of Package harfbuzz.openSUSE_13.2_Update

Places