src/hb-aat-fdsc-table.hh | 2 +- src/hb-cff-interp-common.hh | 5 +++++ src/hb-cff2-interp-cs.hh | 14 +++++++++----- 3 files changed, 15 insertions(+), 6 deletions(-)
New commits: commit 1abd4fcaec31053b442525d7f240af489c5974b1 Author: Ebrahim Byagowi <ebra...@gnu.org> Date: Fri Dec 7 22:34:12 2018 +0330 [fdsc] minor diff --git a/src/hb-aat-fdsc-table.hh b/src/hb-aat-fdsc-table.hh index d432d7fc..136172c4 100644 --- a/src/hb-aat-fdsc-table.hh +++ b/src/hb-aat-fdsc-table.hh @@ -52,7 +52,7 @@ struct GXFontDescriptor DEFINE_SIZE_STATIC (8); }; -struct gasp +struct fdsc { enum { tableTag = HB_AAT_TAG_fdsc }; commit 59345cdef38cf1f514a6a0eb6e8852350acb6166 Author: Michiharu Ariza <ar...@adobe.com> Date: Thu Dec 6 13:36:26 2018 -0800 [CFF] Refix oss-fuzz 11714: set_blends (PR #1458) (#1460) * pass subarray of stack to set_blends * get_subarray to return a value, not ref * restored error check (with tweak) diff --git a/src/hb-cff-interp-common.hh b/src/hb-cff-interp-common.hh index 9b595ff1..effc0812 100644 --- a/src/hb-cff-interp-common.hh +++ b/src/hb-cff-interp-common.hh @@ -576,6 +576,11 @@ struct ArgStack : Stack<ARG, 513> return true; } + inline hb_array_t<const ARG> get_subarray (unsigned int start) const + { + return S::elements.sub_array (start); + } + private: typedef Stack<ARG, 513> S; }; diff --git a/src/hb-cff2-interp-cs.hh b/src/hb-cff2-interp-cs.hh index 18e84680..8e296b6e 100644 --- a/src/hb-cff2-interp-cs.hh +++ b/src/hb-cff2-interp-cs.hh @@ -52,7 +52,7 @@ struct BlendArg : Number inline void set_real (double v) { reset_blends (); Number::set_real (v); } inline void set_blends (unsigned int numValues_, unsigned int valueIndex_, - unsigned int numBlends, const BlendArg *blends_) + unsigned int numBlends, const hb_array_t<const BlendArg> &blends_) { numValues = numValues_; valueIndex = valueIndex_; 
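Review bot: get_subarray builds its view from `S::elements`, which looks like the stack's backing storage rather than its live portion, so the returned hb_array_t may extend past `get_count ()` and cover stale slots. Neither Stack nor sub_array is visible in this hunk, so this needs confirming. If it holds, cap the view at the live count, or state the contract above the function, e.g. `/* view runs to the end of the backing store, not to get_count (); callers must bound their own reads */`. A `start` beyond the stack is also passed through unchecked and relies on sub_array clamping it.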
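Review bot: `numBlends` is still passed separately from `blends_` in the new set_blends signature, so the length carried by the hb_array_t adds protection only if the body compares the two. The body continues outside this hunk, so whether it does is not visible. If the copy loop is driven by `numBlends` alone, it should reject or clamp the case where `numBlends` exceeds the length of `blends_`. A one-line comment on the parameter saying that `blends_` must hold at least `numBlends` entries would make the contract explicit.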
@@ -235,15 +235,19 @@ struct CFF2CSOpSet : CSOpSet<BlendArg, OPSET, CFF2CSInterpEnv, PARAM, PATH> env.process_blend (); k = env.get_region_count (); n = env.argStack.pop_uint (); - if (unlikely (env.argStack.get_count () < ((k+1) * n))) + /* copy the blend values into blend array of the default values */ + unsigned int start = env.argStack.get_count () - ((k+1) * n); + /* let an obvious error case fail, but note CFF2 spec doesn't forbid n==0 */ + if (unlikely (start > env.argStack.get_count ())) { env.set_error (); return; } - /* copy the blend values into blend array of the default values */ - unsigned int start = env.argStack.get_count () - ((k+1) * n); for (unsigned int i = 0; i < n; i++) - env.argStack[start + i].set_blends (n, i, k, &env.argStack[start + n + (i * k)]); + { + const hb_array_t<const BlendArg> blends = env.argStack.get_subarray (start + n + (i * k)); + env.argStack[start + i].set_blends (n, i, k, blends); + } /* pop off blend values leaving default values now adorned with blend values */ env.argStack.pop (k * n); _______________________________________________ HarfBuzz mailing list HarfBuzz@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/harfbuzz
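Review bot: The product `(k+1) * n` in the computation of `start` is evaluated in `unsigned int`, and `n` comes straight from `pop_uint ()`, i.e. from font data. The new `start > env.argStack.get_count ()` test catches a wrapped subtraction but not a wrapped product. If the multiplication overflows, `start` can land inside the stack while the loop still runs `n` times and `pop (k * n)` uses another wrapped value. Whether `argStack[]` and `get_subarray` clamp out-of-range indices is not visible here. Checking the requirement in a wider type before subtracting removes the dependency: `if (unlikely ((uint64_t) (k + 1) * n > env.argStack.get_count ())) { env.set_error (); return; }`, followed by the `start` computation. The enclosing function begins and ends outside this hunk.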