Date: Friday, October 16, 2015 @ 00:49:54 Author: heftig Revision: 249426
fix FS46717 Added: harfbuzz/trunk/crash.patch harfbuzz/trunk/hmtx.patch Modified: harfbuzz/trunk/PKGBUILD -------------+ PKGBUILD | 13 ++++++++++--- crash.patch | 13 +++++++++++++ hmtx.patch | 25 +++++++++++++++++++++++++ 3 files changed, 48 insertions(+), 3 deletions(-) Modified: PKGBUILD =================================================================== --- PKGBUILD 2015-10-15 22:22:44 UTC (rev 249425) +++ PKGBUILD 2015-10-15 22:49:54 UTC (rev 249426) @@ -4,18 +4,25 @@ pkgbase=(harfbuzz) pkgname=(harfbuzz harfbuzz-icu) pkgver=1.0.5 -pkgrel=1 +pkgrel=2 pkgdesc="OpenType text shaping engine" arch=(i686 x86_64) url="http://www.freedesktop.org/wiki/Software/HarfBuzz"; license=(MIT) makedepends=(glib2 freetype2 graphite cairo icu gobject-introspection) -source=(http://www.freedesktop.org/software/harfbuzz/release/${pkgbase}-${pkgver}.tar.bz2) -sha256sums=('4d99d2c6a58ecb55538ccab522e68836383852f9f41f696d2b93cd8f85195440') +source=(http://www.freedesktop.org/software/harfbuzz/release/${pkgbase}-${pkgver}.tar.bz2 + hmtx.patch crash.patch) +sha256sums=('4d99d2c6a58ecb55538ccab522e68836383852f9f41f696d2b93cd8f85195440' + '703249e3ecfcbf2d449e9cf1eacbfd5627cb8f8943af27637a612a36b05a1d10' + '0016e865744feaac97130aa54f755cbc6ebecd75d4d21bc823eb7454d1c16972') prepare() { mkdir path ln -s /usr/bin/python2 path/python + + cd $pkgbase-$pkgver + patch -Np1 -i ../hmtx.patch + patch -Np1 -i ../crash.patch } build() { Added: crash.patch =================================================================== --- crash.patch (rev 0) +++ crash.patch 2015-10-15 22:49:54 UTC (rev 249426) @@ -0,0 +1,13 @@ +diff --git i/src/hb-ft.cc w/src/hb-ft.cc +index b695f81..2b11882 100644 +--- i/src/hb-ft.cc ++++ w/src/hb-ft.cc +@@ -84,7 +84,7 @@ _hb_ft_font_create (FT_Face ft_face, bool unref) + ft_font->ft_face = ft_face; + ft_font->unref = unref; + +- ft_font->load_flags = FT_LOAD_DEFAULT; ++ ft_font->load_flags = FT_LOAD_DEFAULT | FT_LOAD_NO_HINTING; + + return ft_font; + } Added: hmtx.patch =================================================================== --- hmtx.patch (rev 0) +++ hmtx.patch 2015-10-15 22:49:54 UTC (rev 249426) @@ -0,0 +1,25 @@ +From 63ef0b41dc48d6112d1918c1b1de9de8ea90adb5 Mon Sep 17 00:00:00 2001 +From: Behdad Esfahbod <[email protected]> +Date: Thu, 15 Oct 2015 12:47:22 -0300 +Subject: [ot-font] Fix hmtx wrong table length check + +Discovered by libFuzzer. Ouch! + +https://github.com/behdad/harfbuzz/issues/139#issuecomment-148289957 + +diff --git a/src/hb-ot-font.cc b/src/hb-ot-font.cc +index 3102784..69d2503 100644 +--- a/src/hb-ot-font.cc ++++ b/src/hb-ot-font.cc +@@ -59,7 +59,7 @@ struct hb_ot_face_metrics_accelerator_t + + this->blob = OT::Sanitizer<OT::_mtx>::sanitize (face->reference_table (_mtx_tag)); + if (unlikely (!this->num_advances || +- 2 * (this->num_advances + this->num_metrics) < hb_blob_get_length (this->blob))) ++ 2 * (this->num_advances + this->num_metrics) > hb_blob_get_length (this->blob))) + { + this->num_metrics = this->num_advances = 0; + hb_blob_destroy (this->blob); +-- +cgit v0.10.2 +
