src/hb-ot-shape-complex-indic.cc | 2 +- test/shaping/fonts/sha1sum/a34a9191d9376bda419836effeef7e75c1386016.ttf |binary test/shaping/fonts/sha1sum/a69118c2c2ada48ff803d9149daa54c9ebdae30e.ttf |binary test/shaping/fonts/sha1sum/b6acef662e0beb8d5fcf5b61c6b0ca69537b7402.ttf |binary test/shaping/fonts/sha1sum/e88c339237f52d21e01c55f01b9c1b4cc14a0467.ttf |binary test/shaping/tests/fuzzed.tests | 4 ++++ 6 files changed, 5 insertions(+), 1 deletion(-)
New commits:
commit a11501444cfc4854bfe2b1d3ce0fc5a957e959d8
Author: Behdad Esfahbod <beh...@behdad.org>
Date: Sat Feb 25 13:37:54 2017 -0800
Add few tests found by libFuzzer and oss-fuzz
diff --git a/test/shaping/fonts/sha1sum/a34a9191d9376bda419836effeef7e75c1386016.ttf b/test/shaping/fonts/sha1sum/a34a9191d9376bda419836effeef7e75c1386016.ttf
new file mode 100644
index 0000000..a358833
Binary files /dev/null and b/test/shaping/fonts/sha1sum/a34a9191d9376bda419836effeef7e75c1386016.ttf differ
diff --git a/test/shaping/fonts/sha1sum/a69118c2c2ada48ff803d9149daa54c9ebdae30e.ttf b/test/shaping/fonts/sha1sum/a69118c2c2ada48ff803d9149daa54c9ebdae30e.ttf
new file mode 100644
index 0000000..3cd5b56
Binary files /dev/null and b/test/shaping/fonts/sha1sum/a69118c2c2ada48ff803d9149daa54c9ebdae30e.ttf differ
diff --git a/test/shaping/fonts/sha1sum/b6acef662e0beb8d5fcf5b61c6b0ca69537b7402.ttf b/test/shaping/fonts/sha1sum/b6acef662e0beb8d5fcf5b61c6b0ca69537b7402.ttf
new file mode 100644
index 0000000..41897b6
Binary files /dev/null and b/test/shaping/fonts/sha1sum/b6acef662e0beb8d5fcf5b61c6b0ca69537b7402.ttf differ
diff --git a/test/shaping/fonts/sha1sum/e88c339237f52d21e01c55f01b9c1b4cc14a0467.ttf b/test/shaping/fonts/sha1sum/e88c339237f52d21e01c55f01b9c1b4cc14a0467.ttf
new file mode 100644
index 0000000..e9884ea
Binary files /dev/null and b/test/shaping/fonts/sha1sum/e88c339237f52d21e01c55f01b9c1b4cc14a0467.ttf differ
diff --git a/test/shaping/tests/fuzzed.tests b/test/shaping/tests/fuzzed.tests
index d9bace3..1f51e44 100644
--- a/test/shaping/tests/fuzzed.tests
+++ b/test/shaping/tests/fuzzed.tests
@@ -11,3 +11,7 @@ fonts/sha1sum/fab39d60d758cb586db5a504f218442cd1395725.ttf:--font-funcs=ot:U+004
 fonts/sha1sum/205edd09bd3d141cc9580f650109556cc28b22cb.ttf:--font-funcs=ot:U+0041:[gid0=0+1000]
 fonts/sha1sum/217a934cfe15c548b572c203dceb2befdf026462.ttf:--font-funcs=ot:U+0061,U+0061,U+0061:[]
 fonts/sha1sum/558661aa659912f4d30ecd27bd09835171a8e2b0.ttf:--font-funcs=ot:U+FFFD,U+E0100,U+FFFD,U+E0010:[]
+fonts/sha1sum/a34a9191d9376bda419836effeef7e75c1386016.ttf:--font-funcs=ot:U+0041:[]
+fonts/sha1sum/a69118c2c2ada48ff803d9149daa54c9ebdae30e.ttf:--font-funcs=ot:U+0041:[gid0=0+1229]
+fonts/sha1sum/b6acef662e0beb8d5fcf5b61c6b0ca69537b7402.ttf:--font-funcs=ot:U+0041:[gid0=0+1000]
+fonts/sha1sum/e88c339237f52d21e01c55f01b9c1b4cc14a0467.ttf:--font-funcs=ot:U+0041:[gid0=0+1000]
commit 85630996b8afa699f7b5d19346cdf5c72fcd6e2d
Author: Behdad Esfahbod <beh...@behdad.org>
Date: Sat Feb 25 13:30:38 2017 -0800
Fix buffer-overrun with Bengali reph positioning code This has no security implications whatsoever since we always keep and extra element at the end of buffer, just in case. Discovered by oss-fuzz CC https://github.com/behdad/harfbuzz/issues/139 Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=660
diff --git a/src/hb-ot-shape-complex-indic.cc b/src/hb-ot-shape-complex-indic.cc
index b48fb56..ec12ce6 100644
--- a/src/hb-ot-shape-complex-indic.cc
+++ b/src/hb-ot-shape-complex-indic.cc
@@ -1497,7 +1497,7 @@ final_reordering_syllable (const hb_ot_shape_plan_t *plan,
 if (reph_pos == REPH_POS_AFTER_SUB)
 {
 new_reph_pos = base;
- while (new_reph_pos < end &&
+ while (new_reph_pos + 1 < end &&
 !( FLAG_SAFE (info[new_reph_pos + 1].indic_position()) & (FLAG (POS_POST_C) | FLAG (POS_AFTER_POST) | FLAG (POS_SMVD))))
 new_reph_pos++;
 if (new_reph_pos < end)
_______________________________________________ HarfBuzz mailing list HarfBuzz@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/harfbuzz
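Review bot: With the loop bound tightened to `new_reph_pos + 1 < end`, the `if (new_reph_pos < end)` test on the last line of the hb-ot-shape-complex-indic.cc hunk can no longer be false whenever `base < end`, so it no longer separates "a post-base position was found" from "the scan reached the end of the syllable". Before this change the not-found outcome depended on the element at `info[end]`, which lies outside the syllable, and could leave `new_reph_pos == end` and skip the branch; it now always stops at `end - 1` and takes it. I would document that above the loop, e.g. `/* Reads info[new_reph_pos + 1], so stop at end - 1; if nothing matches, the last glyph of the syllable is the target. */`, and confirm that this fallback is what the later steps expect. The relation between `base` and `end` and the body of the `if` are outside the hunk, so this is inferred from the visible lines only.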