File CVE-2023-25193.patch of Package harfbuzz.28569
From 85be877925ddbf34f74a1229f3ca1716bb6170dc Mon Sep 17 00:00:00 2001
From: Behdad Esfahbod <behdad@behdad.org>
Date: Wed, 1 Feb 2023 20:00:43 -0700
Subject: [PATCH] [layout] Limit how far we skip when looking back
See comments.
---
src/hb-ot-layout-gsubgpos.hh | 7 +++++++
1 file changed, 7 insertions(+)
Index: harfbuzz-1.4.5/src/hb-ot-layout-gsubgpos-private.hh
===================================================================
--- harfbuzz-1.4.5.orig/src/hb-ot-layout-gsubgpos-private.hh
+++ harfbuzz-1.4.5/src/hb-ot-layout-gsubgpos-private.hh
@@ -404,7 +404,15 @@ struct hb_apply_context_t :
inline bool prev (void)
{
assert (num_items > 0);
- while (idx >= num_items)
+ unsigned stop = num_items - 1;
+
+ /* When looking back, limit how far we search; this function is mostly
+ * used for looking back for base glyphs when attaching marks. If we
+ * don't limit, we can get O(n^2) behavior where n is the number of
+ * consecutive marks. */
+ stop = (unsigned) ((int) stop >= (int) idx - HB_MAX_CONTEXT_LENGTH ? stop : (int) idx - HB_MAX_CONTEXT_LENGTH);
+
+ while (idx > stop)
{
idx--;
const hb_glyph_info_t &info = c->buffer->out_info[idx];