src/Makefile.sources | 2
src/hb-aat-fdsc-table.hh | 103 ++++++++++
src/hb-aat-layout.cc | 1
src/hb-cff-interp-cs-common.hh | 22 +-
src/hb-coretext.cc | 16 -
src/hb-ot-cff-common.hh | 2
src/hb-ot-cff1-table.hh | 16 -
src/hb-ot-cff2-table.hh | 3
src/hb-ot-gasp-table.hh | 84 ++++++++
src/hb-ot-layout.cc | 5
src/hb-ot-os2-table.hh | 88 ++++++--
test/fuzzing/fonts/clusterfuzz-testcase-minimized-hb-shape-fuzzer-5175735354916864 |binary
test/fuzzing/fonts/clusterfuzz-testcase-minimized-hb-shape-fuzzer-5700264032468992 |binary
test/fuzzing/fonts/clusterfuzz-testcase-minimized-hb-subset-fuzzer-5672913680728064 |binary
14 files changed, 290 insertions(+), 52 deletions(-)
New commits: commit 8394a6cb252dd8b4230c2b59e8c346ec5403bf88 Author: Ebrahim Byagowi <ebra...@gnu.org> Date: Wed Dec 5 15:23:41 2018 +0330 [os2] Make newer table fields accessible (#1452) diff --git a/src/hb-ot-os2-table.hh b/src/hb-ot-os2-table.hh index e53eda73..46e8b708 100644 --- a/src/hb-ot-os2-table.hh +++ b/src/hb-ot-os2-table.hh @@ -30,7 +30,7 @@ #include "hb-open-type.hh" #include "hb-ot-os2-unicode-ranges.hh" -namespace OT { +#include "hb-set.hh" /* * OS/2 and Windows Metrics @@ -38,16 +38,65 @@ namespace OT { */ #define HB_OT_TAG_OS2 HB_TAG('O','S','/','2') -struct OS2 + +namespace OT { + +struct OS2V1Tail { - enum { tableTag = HB_OT_TAG_OS2 }; + inline bool sanitize (hb_sanitize_context_t *c) const + { + TRACE_SANITIZE (this); + return_trace (c->check_struct (this)); + } + + public: + HBUINT32 ulCodePageRange1; + HBUINT32 ulCodePageRange2; + public: + DEFINE_SIZE_STATIC (8); +}; + +struct OS2V2Tail +{ + inline bool sanitize (hb_sanitize_context_t *c) const + { + TRACE_SANITIZE (this); + return_trace (c->check_struct (this)); + } + + public: + HBINT16 sxHeight; + HBINT16 sCapHeight; + HBUINT16 usDefaultChar; + HBUINT16 usBreakChar; + HBUINT16 usMaxContext; + public: + DEFINE_SIZE_STATIC (10); +}; +struct OS2V5Tail +{ inline bool sanitize (hb_sanitize_context_t *c) const { TRACE_SANITIZE (this); return_trace (c->check_struct (this)); } + public: + HBUINT16 usLowerOpticalPointSize; + HBUINT16 usUpperOpticalPointSize; + public: + DEFINE_SIZE_STATIC (4); +}; + +struct OS2 +{ + enum { tableTag = HB_OT_TAG_OS2 }; + + inline const OS2V1Tail &v1 (void) const { return version >= 1 ? v1X : Null (OS2V1Tail); } + inline const OS2V2Tail &v2 (void) const { return version >= 2 ? v2X : Null (OS2V2Tail); } + inline const OS2V5Tail &v5 (void) const { return version >= 5 ? v5X : Null (OS2V5Tail); } + inline bool subset (hb_subset_plan_t *plan) const { hb_blob_t *os2_blob = hb_sanitize_context_t ().reference_table<OS2> (plan->source); 
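Review bot: The new v1()/v2()/v5() accessors return `Null (OS2VxTail)`, an all-zero object, whenever `version` is too low, so a caller cannot tell "field absent" from "field stored as 0" (a zero sCapHeight, for instance), and nothing in the hunk says so. A short comment above the three accessors would prevent misuse: `/* Tails for versions 1, 2 (versions 3 and 4 share the v2 layout, hence >= 2) and 5. Null (all zeros) when the table is older, so a zero value does not prove the field was present. Safe to dereference only on a blob that passed sanitize(), as reference_table<OS2> below guarantees. */`. The subset() method that begins at the end of this hunk continues outside it.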
@@ -125,10 +174,18 @@ struct OS2 return (font_page_t) (fsSelection & 0xFF00); } + inline bool sanitize (hb_sanitize_context_t *c) const + { + TRACE_SANITIZE (this); + if (unlikely (!c->check_struct (this))) return_trace (false); + if (unlikely (version >= 1 && !v1X.sanitize (c))) return_trace (false); + if (unlikely (version >= 2 && !v2X.sanitize (c))) return_trace (false); + if (unlikely (version >= 5 && !v5X.sanitize (c))) return_trace (false); + return_trace (true); + } + public: HBUINT16 version; - - /* Version 0 */ HBINT16 xAvgCharWidth; HBUINT16 usWeightClass; HBUINT16 usWidthClass; @@ -155,24 +212,11 @@ struct OS2 HBINT16 sTypoLineGap; HBUINT16 usWinAscent; HBUINT16 usWinDescent; - - /* Version 1 */ - //HBUINT32 ulCodePageRange1; - //HBUINT32 ulCodePageRange2; - - /* Version 2 */ - //HBINT16 sxHeight; - //HBINT16 sCapHeight; - //HBUINT16 usDefaultChar; - //HBUINT16 usBreakChar; - //HBUINT16 usMaxContext; - - /* Version 5 */ - //HBUINT16 usLowerOpticalPointSize; - //HBUINT16 usUpperOpticalPointSize; - + OS2V1Tail v1X; + OS2V2Tail v2X; + OS2V5Tail v5X; public: - DEFINE_SIZE_STATIC (78); + DEFINE_SIZE_MIN (78); }; } /* namespace OT */ commit 5ab086ebb18112ef48bf6c913acc91b2009a9bed Author: Ebrahim Byagowi <ebra...@gnu.org> Date: Wed Dec 5 14:17:37 2018 +0330 [fdsc] Implement the table parsing Related to https://github.com/harfbuzz/harfbuzz/issues/1337 May used in addition to an API related to STAT. Lots of Apple fonts have it. diff --git a/src/Makefile.sources b/src/Makefile.sources index 2eb589f9..01ce0aca 100644 --- a/src/Makefile.sources +++ b/src/Makefile.sources @@ -1,6 +1,7 @@ # Base and default-included sources and headers HB_BASE_sources = \ + hb-aat-fdsc-table.hh \ hb-aat-layout-ankr-table.hh \ hb-aat-layout-bsln-table.hh \ hb-aat-layout-common.hh \ diff --git a/src/hb-aat-fdsc-table.hh b/src/hb-aat-fdsc-table.hh new file mode 100644 index 00000000..d432d7fc --- /dev/null +++ b/src/hb-aat-fdsc-table.hh 
@@ -0,0 +1,103 @@ +/* + * Copyright © 2018 Ebrahim Byagowi + * + * This is part of HarfBuzz, a text shaping library. + * + * Permission is hereby granted, without written agreement and without + * license or royalty fees, to use, copy, modify, and distribute this + * software and its documentation for any purpose, provided that the + * above copyright notice and the following two paragraphs appear in + * all copies of this software. + * + * IN NO EVENT SHALL THE COPYRIGHT HOLDER BE LIABLE TO ANY PARTY FOR + * DIRECT, INDIRECT, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES + * ARISING OUT OF THE USE OF THIS SOFTWARE AND ITS DOCUMENTATION, EVEN + * IF THE COPYRIGHT HOLDER HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * THE COPYRIGHT HOLDER SPECIFICALLY DISCLAIMS ANY WARRANTIES, INCLUDING, + * BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND + * FITNESS FOR A PARTICULAR PURPOSE. THE SOFTWARE PROVIDED HEREUNDER IS + * ON AN "AS IS" BASIS, AND THE COPYRIGHT HOLDER HAS NO OBLIGATION TO + * PROVIDE MAINTENANCE, SUPPORT, UPDATES, ENHANCEMENTS, OR MODIFICATIONS. + */ + +#ifndef HB_AAT_FDSC_TABLE_HH +#define HB_AAT_FDSC_TABLE_HH + +#include "hb-aat-layout-common.hh" + +/* + * fdsc -- Font descriptors + * https://developer.apple.com/fonts/TrueType-Reference-Manual/RM06/Chap6fdsc.html + */ +#define HB_AAT_TAG_fdsc HB_TAG('f','d','s','c') + + +namespace AAT { + + +struct GXFontDescriptor +{ + inline bool sanitize (hb_sanitize_context_t *c) const + { + TRACE_SANITIZE (this); + return_trace (c->check_struct (this)); + } + + public: + Tag tag; /* The 4-byte table tag name. */ + Fixed value; /* The value for the descriptor tag. */ + public: + DEFINE_SIZE_STATIC (8); +}; + +struct gasp +{ + enum { tableTag = HB_AAT_TAG_fdsc }; + + enum { + Weight = HB_TAG ('w','g','h','t'), + /* Percent weight relative to regular weight. + * (defaul value: 1.0) */ + Width = HB_TAG ('w','d','t','h'), + /* Percent width relative to regular width. 
+ * (default value: 1.0) */ + Slant = HB_TAG ('s','l','n','t'), + /* Angle of slant in degrees, where positive + * is clockwise from straight up. + * (default value: 0.0) */ + OpticalSize = HB_TAG ('o','p','s','z'), + /* Point size the font was designed for. + * (default value: 12.0) */ + NonAlphabetic= HB_TAG ('n','a','l','f') + /* These values are treated as integers, + * not fixed32s. 0 means alphabetic, and greater + * integers mean the font is non-alphabetic (e.g. symbols). + * (default value: 0) */ + }; + + inline bool sanitize (hb_sanitize_context_t *c) const + { + TRACE_SANITIZE (this); + return_trace (c->check_struct (this) && + descriptors.sanitize (c)); + } + + protected: + Fixed version; /* Version number of the font descriptors + * table (0x00010000 for the current version). */ + LArrayOf<GXFontDescriptor> + descriptors; /* List of tagged-coordinate pairs style descriptors + * that will be included to characterize this font. + * Each descriptor consists of a <tag, value> pair. + * These pairs are located in the gxFontDescriptor + * array that follows. */ + public: + DEFINE_SIZE_ARRAY (8, descriptors); +}; + +} /* namespace AAT */ + + +#endif /* HB_AAT_FDSC_TABLE_HH */ diff --git a/src/hb-aat-layout.cc b/src/hb-aat-layout.cc index e39df0e1..08afa5df 100644 --- a/src/hb-aat-layout.cc +++ b/src/hb-aat-layout.cc @@ -29,6 +29,7 @@ #include "hb-ot-face.hh" #include "hb-aat-layout.hh" +#include "hb-aat-fdsc-table.hh" // Just so we compile it; unused otherwise. #include "hb-aat-layout-ankr-table.hh" #include "hb-aat-layout-bsln-table.hh" // Just so we compile it; unused otherwise. #include "hb-aat-layout-feat-table.hh" commit 8f80e53341a3d5bac6c2c39ab6d6973eedb0b074 Author: Ebrahim Byagowi <ebra...@gnu.org> Date: Wed Dec 5 13:51:14 2018 +0330 [gasp] Implement the table parsing May or may not be used in https://github.com/harfbuzz/harfbuzz/pull/1432 diff --git a/src/Makefile.sources b/src/Makefile.sources index e12d3b55..2eb589f9 100644 
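Review bot: The struct defined in hb-aat-fdsc-table.hh is named `gasp` while its `tableTag` is HB_AAT_TAG_fdsc, which looks like a copy-paste slip and will confuse readers once both `AAT::gasp` and `OT::gasp` (added in the following commit) exist; rename it `struct fdsc`. The `NonAlphabetic` comment says that value is an integer, yet `GXFontDescriptor::value` is declared `Fixed`, so any future accessor has to special-case that tag — note it at the field: `/* Interpreted per tag: Fixed for wght/wdth/slnt/opsz, raw integer for nalf. */`. The Weight comment has a typo, `defaul value` → `default value`. The table currently exposes no lookup, so if one is added it should search `descriptors` by tag rather than exposing raw indices.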
--- a/src/Makefile.sources
+++ b/src/Makefile.sources
@@ -59,6 +59,7 @@ HB_BASE_sources = \
 hb-ot-face.cc \
 hb-ot-face.hh \
 hb-ot-font.cc \
+ hb-ot-gasp-table.hh \
 hb-ot-glyf-table.hh \
 hb-ot-hdmx-table.hh \
 hb-ot-head-table.hh \
diff --git a/src/hb-ot-gasp-table.hh b/src/hb-ot-gasp-table.hh
new file mode 100644
index 00000000..73c5b3fc
--- /dev/null
+++ b/src/hb-ot-gasp-table.hh
@@ -0,0 +1,84 @@ +/* + * Copyright © 2018 Ebrahim Byagowi + * + * This is part of HarfBuzz, a text shaping library. + * + * Permission is hereby granted, without written agreement and without + * license or royalty fees, to use, copy, modify, and distribute this + * software and its documentation for any purpose, provided that the + * above copyright notice and the following two paragraphs appear in + * all copies of this software. + * + * IN NO EVENT SHALL THE COPYRIGHT HOLDER BE LIABLE TO ANY PARTY FOR + * DIRECT, INDIRECT, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES + * ARISING OUT OF THE USE OF THIS SOFTWARE AND ITS DOCUMENTATION, EVEN + * IF THE COPYRIGHT HOLDER HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * THE COPYRIGHT HOLDER SPECIFICALLY DISCLAIMS ANY WARRANTIES, INCLUDING, + * BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND + * FITNESS FOR A PARTICULAR PURPOSE. THE SOFTWARE PROVIDED HEREUNDER IS + * ON AN "AS IS" BASIS, AND THE COPYRIGHT HOLDER HAS NO OBLIGATION TO + * PROVIDE MAINTENANCE, SUPPORT, UPDATES, ENHANCEMENTS, OR MODIFICATIONS. + */ + +#ifndef HB_OT_GASP_TABLE_HH +#define HB_OT_GASP_TABLE_HH + +#include "hb-open-type.hh" +#include "hb-ot-hhea-table.hh" +#include "hb-ot-os2-table.hh" +#include "hb-ot-var-hvar-table.hh" + +/* + * gasp -- Grid-fitting and Scan-conversion Procedure + * https://docs.microsoft.com/en-us/typography/opentype/spec/gasp + */ +#define HB_OT_TAG_gasp HB_TAG('g','a','s','p') + + +namespace OT { + +struct GaspRange +{ + inline bool sanitize (hb_sanitize_context_t *c) const + { + TRACE_SANITIZE (this); + return_trace (c->check_struct (this)); + } + + public: + HBUINT16 rangeMaxPPEM; /* Upper limit of range, in PPEM */ + HBUINT16 rangeGaspBehavior; + /* Flags describing desired rasterizer behavior. 
*/ + public: + DEFINE_SIZE_STATIC (4); +}; + +struct gasp +{ + enum { tableTag = HB_OT_TAG_gasp }; + + inline const GaspRange &get_gasp_range (unsigned int i) const + { return gaspRanges[i]; } + + inline bool sanitize (hb_sanitize_context_t *c) const + { + TRACE_SANITIZE (this); + return_trace (c->check_struct (this) && + gaspRanges.sanitize (c)); + } + + protected: + HBUINT16 version; /* Version number (set to 1) */ + ArrayOf<GaspRange> + gaspRanges; /* Number of records to follow + * Sorted by ppem */ + public: + DEFINE_SIZE_ARRAY (4, gaspRanges); +}; + +} /* namespace OT */ + + +#endif /* HB_OT_GASP_TABLE_HH */ diff --git a/src/hb-ot-layout.cc b/src/hb-ot-layout.cc index b08ee7f6..67ce9235 100644 --- a/src/hb-ot-layout.cc +++ b/src/hb-ot-layout.cc 
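Review bot: `get_gasp_range (unsigned int i)` hands a caller-supplied index straight to `gaspRanges[i]`; that is only safe if ArrayOf::operator[] does its own bounds check and returns Null for `i >= len`, which this hunk does not show — confirm it and say so, `/* Out-of-range i yields Null (all-zero) GaspRange; relies on ArrayOf's bounds check. */`, or guard explicitly with `if (unlikely (i >= gaspRanges.len)) return Null (GaspRange);`. The header also includes hb-ot-hhea-table.hh, hb-ot-os2-table.hh and hb-ot-var-hvar-table.hh, none of which gasp uses, so they should be dropped rather than pulling unrelated parsers into every includer. The linked spec defines version 0 as well as 1, so the field comment is better as `/* Version number (0 or 1) */` than "set to 1".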
@@ -35,11 +35,12 @@
 #include "hb-map.hh"
 #include "hb-ot-kern-table.hh"
+#include "hb-ot-gasp-table.hh" // Just so we compile it; unused otherwise.
 #include "hb-ot-layout-gdef-table.hh"
 #include "hb-ot-layout-gsub-table.hh"
 #include "hb-ot-layout-gpos-table.hh"
-#include "hb-ot-layout-base-table.hh" // Just so we compile it; unused otherwise
-#include "hb-ot-layout-jstf-table.hh" // Just so we compile it; unused otherwise
+#include "hb-ot-layout-base-table.hh" // Just so we compile it; unused otherwise.
+#include "hb-ot-layout-jstf-table.hh" // Just so we compile it; unused otherwise.
 #include "hb-ot-name-table.hh"
 #include "hb-ot-os2-table.hh"
commit 79e7e3445efef2dc57f8a10c7e355e802af08868
Merge: cf4b7db6 78f639b8
Author: Ebrahim Byagowi <ebra...@gnu.org>
Date: Wed Dec 5 13:25:18 2018 +0330
Merge pull request #1449 from harfbuzz/cff-fixcharset
[CFF] fix for oss-fuzz 11657: Charset overrun
commit cf4b7db6b1e01c11d7a8a26d95cf947935a234a7
Merge: 32cc46c7 803d2f92
Author: Ebrahim Byagowi <ebra...@gnu.org>
Date: Wed Dec 5 13:23:23 2018 +0330
Merge pull request #1448 from harfbuzz/cff-leak
[CFF] fix leak: oss-fuzz 11662
commit 32cc46c75a5f163f254b7998ed9193d5bbc85e4b
Author: Michiharu Ariza <ar...@adobe.com>
Date: Tue Dec 4 21:32:34 2018 -0800
[CFF] fix oss-fuzz issue 11670: NULL dereference (#1450)
* guard against no subr access
* code tweak
* add minimized testcase for oss-fuzz 11670 (Null deference)
diff --git a/src/hb-cff-interp-cs-common.hh b/src/hb-cff-interp-cs-common.hh
index 85546fcc..067dc1cc 100644
--- a/src/hb-cff-interp-cs-common.hh
+++ b/src/hb-cff-interp-cs-common.hh
@@ -65,7 +65,7 @@ struct BiasedSubrs
 inline void init (const SUBRS &subrs_)
 {
 subrs = &subrs_;
- unsigned int nSubrs = subrs_.count;
+ unsigned int nSubrs = get_count ();
 if (nSubrs < 1240)
 bias = 107;
 else if (nSubrs < 33900)
@@ -76,8 +76,20 @@ struct BiasedSubrs inline void fini (void) {} - const SUBRS *subrs; + inline unsigned int get_count (void) const { return (subrs == nullptr)? 0: subrs->count; } + inline unsigned int get_bias (void) const { return bias; } + + inline ByteStr operator [] (unsigned int index) const + { + if (unlikely ((subrs == nullptr) || index >= subrs->count)) + return Null(ByteStr); + else + return (*subrs)[index]; + } + + protected: unsigned int bias; + const SUBRS *subrs; }; struct Point @@ -137,8 +149,8 @@ struct CSInterpEnv : InterpEnv<ARG> inline bool popSubrNum (const BiasedSubrs<SUBRS>& biasedSubrs, unsigned int &subr_num) { int n = SUPER::argStack.pop_int (); - n += biasedSubrs.bias; - if (unlikely ((n < 0) || ((unsigned int)n >= biasedSubrs.subrs->count))) + n += biasedSubrs.get_bias (); + if (unlikely ((n < 0) || ((unsigned int)n >= biasedSubrs.get_count ()))) return false; subr_num = (unsigned int)n; @@ -158,7 +170,7 @@ struct CSInterpEnv : InterpEnv<ARG> context.substr = SUPER::substr; callStack.push (context); - context.init ( (*biasedSubrs.subrs)[subr_num], type, subr_num); + context.init ( biasedSubrs[subr_num], type, subr_num); SUPER::substr = context.substr; } diff --git a/src/hb-ot-cff-common.hh b/src/hb-ot-cff-common.hh index e824dae3..2c165004 100644 --- a/src/hb-ot-cff-common.hh +++ b/src/hb-ot-cff-common.hh @@ -208,7 +208,7 @@ struct CFFIndex inline unsigned int data_size (void) const { return HBINT8::static_size; } - ByteStr operator [] (unsigned int index) const + inline ByteStr operator [] (unsigned int index) const { if (likely (index < count)) return ByteStr (data_base () + offset_at (index) - 1, offset_at (index + 1) - offset_at (index)); 
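Review bot: In popSubrNum, `n += biasedSubrs.get_bias ()` adds the bias to the raw `int` from `pop_int ()` before the `n < 0` check; if pop_int can return a full 32-bit longint operand from the charstring, values near INT_MAX overflow on that add, which is undefined behaviour rather than a rejected subr number. Widen the arithmetic: `long long n = SUPER::argStack.pop_int (); n += biasedSubrs.get_bias (); if (unlikely (n < 0 || n >= (long long) biasedSubrs.get_count ())) return false;`. The new nullptr guards in get_count and operator[] only help if `subrs` really is nullptr whenever no subrs exist; init() takes a reference, so whichever path skips init() has to zero the pointer explicitly, and that initialisation lies outside this hunk and should be confirmed. Both BiasedSubrs and CSInterpEnv extend beyond the hunk.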
diff --git a/test/fuzzing/fonts/clusterfuzz-testcase-minimized-hb-subset-fuzzer-5672913680728064 b/test/fuzzing/fonts/clusterfuzz-testcase-minimized-hb-subset-fuzzer-5672913680728064
new file mode 100644
index 00000000..fdb5bff2
Binary files /dev/null and b/test/fuzzing/fonts/clusterfuzz-testcase-minimized-hb-subset-fuzzer-5672913680728064 differ
commit 78f639b8bf508ccfb27224f12442f8e8a1460e08
Author: Michiharu Ariza <ar...@adobe.com>
Date: Tue Dec 4 14:17:03 2018 -0800
added minimized testcase for oss-fuzz issue 11657
diff --git a/test/fuzzing/fonts/clusterfuzz-testcase-minimized-hb-shape-fuzzer-5700264032468992 b/test/fuzzing/fonts/clusterfuzz-testcase-minimized-hb-shape-fuzzer-5700264032468992
new file mode 100644
index 00000000..82a462bc
Binary files /dev/null and b/test/fuzzing/fonts/clusterfuzz-testcase-minimized-hb-shape-fuzzer-5700264032468992 differ
commit d3d2f32c6e85de1d7fbbb18afef356e09110e61c
Author: Michiharu Ariza <ar...@adobe.com>
Date: Tue Dec 4 13:51:26 2018 -0800
fix oss-fuzz 11657: buffer overrun
Check overrun in Charset1_2::get_glyph
diff --git a/src/hb-ot-cff1-table.hh b/src/hb-ot-cff1-table.hh
index 01c0e435..aac66d87 100644
--- a/src/hb-ot-cff1-table.hh
+++ b/src/hb-ot-cff1-table.hh
@@ -392,13 +392,15 @@ struct Charset1_2
 { return 0; }
- inline hb_codepoint_t get_glyph (hb_codepoint_t sid) const
+ inline hb_codepoint_t get_glyph (hb_codepoint_t sid, unsigned int num_glyphs) const
 {
 if (sid == 0) return 0;
 hb_codepoint_t glyph = 1;
 for (unsigned int i = 0;; i++)
 {
- if ((ranges[i].first <= sid) && sid <= ranges[i].first + ranges[i].nLeft)
+ if (glyph >= num_glyphs)
+ return 0;
+ if ((ranges[i].first <= sid) && (sid <= ranges[i].first + ranges[i].nLeft))
 return glyph + (sid - ranges[i].first);
 glyph += (ranges[i].nLeft + 1);
 }
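Review bot: The new `glyph >= num_glyphs` check bounds the walk, but a range that matches can still return `glyph + (sid - ranges[i].first)`, which exceeds `num_glyphs - 1` whenever the matching range's nLeft runs past the glyph count; whether that is harmful depends on callers indexing by the returned gid, which is not visible here. Clamping keeps the contract self-contained: `hb_codepoint_t gid = glyph + (sid - ranges[i].first); return gid < num_glyphs ? gid : 0;`. The loop also deserves a comment on the invariant it now relies on, since it has no other termination: `/* Bounded by num_glyphs so the walk never reads a range beyond what sanitize() validated — confirm against Charset1_2::sanitize. */`.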
@@ -550,9 +552,9 @@ struct Charset { if (format == 0) return u.format0.get_glyph (sid, num_glyphs); else if (format == 1) - return u.format1.get_glyph (sid); + return u.format1.get_glyph (sid, num_glyphs); else - return u.format2.get_glyph (sid); + return u.format2.get_glyph (sid, num_glyphs); } HBUINT8 format; commit d0a250a7b15f1099c2005bc2427d62e7370dcc33 Author: Ebrahim Byagowi <ebra...@gnu.org> Date: Tue Dec 4 23:42:13 2018 +0330 Reuse hb_aat_layout_has_* logic in coretext-aat detection logic (#1442) diff --git a/src/hb-coretext.cc b/src/hb-coretext.cc index 15b8c62d..108d15f8 100644 --- a/src/hb-coretext.cc +++ b/src/hb-coretext.cc @@ -1163,20 +1163,8 @@ struct hb_coretext_aat_face_data_t {}; hb_coretext_aat_face_data_t * _hb_coretext_aat_shaper_face_data_create (hb_face_t *face) { - static const hb_tag_t tags[] = {HB_CORETEXT_TAG_MORX, HB_CORETEXT_TAG_MORT, HB_CORETEXT_TAG_KERX}; - - for (unsigned int i = 0; i < ARRAY_LENGTH (tags); i++) - { - hb_blob_t *blob = face->reference_table (tags[i]); - if (hb_blob_get_length (blob)) - { - hb_blob_destroy (blob); - return face->data.coretext ? (hb_coretext_aat_face_data_t *) HB_SHAPER_DATA_SUCCEEDED : nullptr; - } - hb_blob_destroy (blob); - } - - return nullptr; + return hb_aat_layout_has_substitution (face) || hb_aat_layout_has_positioning (face) ? + (hb_coretext_aat_face_data_t *) HB_SHAPER_DATA_SUCCEEDED : nullptr; } void commit 803d2f92dca329a84d92c224a73e13906e8b8d56 Merge: 6ce8d10b c775adc1 Author: Michiharu Ariza <ar...@adobe.com> Date: Tue Dec 4 11:01:26 2018 -0800 Merge branch 'master' into cff-leak commit 6ce8d10b45598f5f6dade38e65486f793f33d0b6 Author: Michiharu Ariza <ar...@adobe.com> Date: Tue Dec 4 10:39:17 2018 -0800 add unlikely to error handling diff --git a/src/hb-ot-cff1-table.hh b/src/hb-ot-cff1-table.hh index 181b0bc3..dcfebe8d 100644 --- a/src/hb-ot-cff1-table.hh +++ b/src/hb-ot-cff1-table.hh 
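Review bot: The rewritten _hb_coretext_aat_shaper_face_data_create drops the `face->data.coretext` test that the removed code applied before returning HB_SHAPER_DATA_SUCCEEDED, so a face whose CoreText data failed to initialise is now accepted by the AAT shaper; if that check was load-bearing, keep it: `return face->data.coretext && (hb_aat_layout_has_substitution (face) || hb_aat_layout_has_positioning (face)) ? (hb_coretext_aat_face_data_t *) HB_SHAPER_DATA_SUCCEEDED : nullptr;`. The old loop also probed `mort` explicitly, and whether hb_aat_layout_has_substitution covers `mort` as well as `morx` is not visible in this hunk — worth confirming so older AAT fonts are not silently routed away from this shaper.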
@@ -1093,7 +1093,7 @@ struct cff1
 CFF1FontDict_Interpreter font_interp;
 font_interp.env.init (fontDictStr);
 font = fontDicts.push ();
- if (font == &Crap(CFF1FontDictValues)) { fini (); return; }
+ if (unlikely (font == &Crap(CFF1FontDictValues))) { fini (); return; }
 font->init ();
 if (unlikely (!font_interp.interpret (*font))) { fini (); return; }
 PRIVDICTVAL *priv = &privateDicts[i];
diff --git a/src/hb-ot-cff2-table.hh b/src/hb-ot-cff2-table.hh
index 330c1a3d..178acf0b 100644
--- a/src/hb-ot-cff2-table.hh
+++ b/src/hb-ot-cff2-table.hh
@@ -486,7 +486,7 @@ struct cff2
 CFF2FontDict_Interpreter font_interp;
 font_interp.env.init (fontDictStr);
 font = fontDicts.push ();
- if (font == &Crap(CFF2FontDictValues)) { fini (); return; }
+ if (unlikely (font == &Crap(CFF2FontDictValues))) { fini (); return; }
 font->init ();
 if (unlikely (!font_interp.interpret (*font))) { fini (); return; }
commit b61f74f69a84f427b40deefefed429fbc915981c
Author: Michiharu Ariza <ar...@adobe.com>
Date: Tue Dec 4 10:30:35 2018 -0800
added minimized test case for oss-fuzz issue 11662
diff --git a/test/fuzzing/fonts/clusterfuzz-testcase-minimized-hb-shape-fuzzer-5175735354916864 b/test/fuzzing/fonts/clusterfuzz-testcase-minimized-hb-shape-fuzzer-5175735354916864
new file mode 100644
index 00000000..72fdfc6b
Binary files /dev/null and b/test/fuzzing/fonts/clusterfuzz-testcase-minimized-hb-shape-fuzzer-5175735354916864 differ
commit 0b952e6026c8be13d16d97f464034ee477e6282f
Author: Michiharu Ariza <ar...@adobe.com>
Date: Tue Dec 4 10:22:35 2018 -0800
more leak fixes
diff --git a/src/hb-ot-cff1-table.hh b/src/hb-ot-cff1-table.hh
index 4221bddf..181b0bc3 100644
--- a/src/hb-ot-cff1-table.hh
+++ b/src/hb-ot-cff1-table.hh
@@ -1133,7 +1133,7 @@ struct cff1
 {
 sc.end_processing ();
 topDict.fini ();
- fontDicts.fini ();
+ fontDicts.fini_deep ();
 privateDicts.fini_deep ();
 hb_blob_destroy (blob);
 blob = nullptr;
diff --git a/src/hb-ot-cff2-table.hh b/src/hb-ot-cff2-table.hh
index 3c4191cd..330c1a3d 100644
--- a/src/hb-ot-cff2-table.hh
+++ b/src/hb-ot-cff2-table.hh
@@ -486,6 +486,7 @@ struct cff2
 CFF2FontDict_Interpreter font_interp;
 font_interp.env.init (fontDictStr);
 font = fontDicts.push ();
+ if (font == &Crap(CFF2FontDictValues)) { fini (); return; }
 font->init ();
 if (unlikely (!font_interp.interpret (*font))) { fini (); return; }
@@ -506,7 +507,7 @@ struct cff2
 inline void fini (void)
 {
 sc.end_processing ();
- fontDicts.fini ();
+ fontDicts.fini_deep ();
 privateDicts.fini_deep ();
 hb_blob_destroy (blob);
 blob = nullptr;
commit c775adc1383f72f02b1329628b3eba1dc377a0f7
Merge: c968869f 04f2ca94
Author: Ebrahim Byagowi <ebra...@gnu.org>
Date: Tue Dec 4 21:30:07 2018 +0330
Merge pull request #1444 from harfbuzz/cff-assert
removed assert, fixes https://github.com/harfbuzz/harfbuzz/issues/1443
commit 9473463f5c884fcb1de8a7ba7410da2601e6ffa8
Author: Michiharu Ariza <ar...@adobe.com>
Date: Tue Dec 4 09:58:48 2018 -0800
fix attempt for oss-fuzz 11662 leak
diff --git a/src/hb-ot-cff1-table.hh b/src/hb-ot-cff1-table.hh
index 7bed2636..4221bddf 100644
--- a/src/hb-ot-cff1-table.hh
+++ b/src/hb-ot-cff1-table.hh
@@ -1093,6 +1093,7 @@ struct cff1
 CFF1FontDict_Interpreter font_interp;
 font_interp.env.init (fontDictStr);
 font = fontDicts.push ();
+ if (font == &Crap(CFF1FontDictValues)) { fini (); return; }
 font->init ();
 if (unlikely (!font_interp.interpret (*font))) { fini (); return; }
 PRIVDICTVAL *priv = &privateDicts[i];
commit 04f2ca94212983d675ed2cd36350be23ff2a6e19
Author: Michiharu Ariza <ar...@adobe.com>
Date: Tue Dec 4 09:24:07 2018 -0800
removed assert
diff --git a/src/hb-ot-cff1-table.hh b/src/hb-ot-cff1-table.hh
index 7bed2636..01c0e435 100644
--- a/src/hb-ot-cff1-table.hh
+++ b/src/hb-ot-cff1-table.hh
@@ -654,6 +654,7 @@ struct NameDictValues
 static inline enum NameDictValIndex name_op_to_index (OpCode op)
 {
 switch (op) {
+ default:
 case OpCode_version:
 return version;
 case OpCode_Notice:
@@ -670,8 +671,6 @@ struct NameDictValues
 return postscript;
 case OpCode_FontName:
 return fontName;
- default:
- assert (0);
 }
 }
_______________________________________________
HarfBuzz mailing list
HarfBuzz@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/harfbuzz
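Review bot: With `default:` moved ahead of `case OpCode_version:` (previous hunk), an unrecognised operator now silently maps to the `version` slot, so depending on how the caller uses the index a stray op in a fuzzed font could overwrite the Version string rather than being ignored. If callers only ever pass known name operators this is harmless, but that should be stated at the label, `default: /* unknown op: treated as version; callers pre-filter */`, or better, return a dedicated out-of-range index the caller skips, e.g. `default: return ValCount;` if the enum has a count member — its definition is outside this hunk. Dropping `assert (0)` is the right move for untrusted input, since an assert is a crash rather than validation; name_op_to_index's body extends beyond the hunk.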