Hello community, here is the log from the commit of package graphite2 for openSUSE:Factory checked in at 2017-06-28 10:33:48 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/graphite2 (Old) and /work/SRC/openSUSE:Factory/.graphite2.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "graphite2" Wed Jun 28 10:33:48 2017 rev:20 rq:505540 version:1.3.10 Changes: -------- --- /work/SRC/openSUSE:Factory/graphite2/graphite2.changes 2017-04-28 09:11:28.485553485 +0200 +++ /work/SRC/openSUSE:Factory/.graphite2.new/graphite2.changes 2017-06-28 10:33:51.000058344 +0200 @@ -1,0 +2,10 @@ +Wed Jun 21 19:13:30 UTC 2017 - [email protected] + +- Use %ctest macro +- Update license string to lgpl2.1+ and mpl2.0+ +- Remove patch graphite2-CVE-2017-5436.patch +- Update to 1.3.10: + * Upstream marks this as contianing various bugfixes without + any specific mentions + +------------------------------------------------------------------- Old: ---- 1.3.9.tar.gz graphite2-CVE-2017-5436.patch New: ---- 1.3.10.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ graphite2.spec ++++++ --- /var/tmp/diff_new_pack.9I2f4a/_old 2017-06-28 10:33:52.207887465 +0200 +++ /var/tmp/diff_new_pack.9I2f4a/_new 2017-06-28 10:33:52.211886899 +0200 @@ -18,10 +18,10 @@ %define libname libgraphite2-3 Name: graphite2 -Version: 1.3.9 +Version: 1.3.10 Release: 0 Summary: Font rendering capabilities for complex non-Roman writing systems -License: LGPL-2.1+ or GPL-2.0+ or MPL-1.1 +License: LGPL-2.1+ or MPL-2.0+ Group: Productivity/Publishing/Word Url: https://github.com/silnrsi/graphite Source0: https://github.com/silnrsi/graphite/archive/%{version}.tar.gz @@ -29,7 +29,6 @@ Patch0: graphite2-1.2.0-cmakepath.patch Patch1: graphite-nonvoid-return.patch Patch2: link-gcc-shared.diff -Patch3: graphite2-CVE-2017-5436.patch BuildRequires: asciidoc BuildRequires: cmake BuildRequires: fontconfig-devel @@ -83,7 +82,6 @@ %patch0 -p1 %patch1 -p1 %patch2 -%patch3 -p1 %build %cmake \ @@ -101,8 +99,7 @@ find %{buildroot} -type f -name "*.la" -delete -print %check -cd build -ctest --output-on-failure +%ctest %post -n %{libname} -p /sbin/ldconfig ++++++ 1.3.9.tar.gz -> 1.3.10.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/graphite-1.3.9/ChangeLog new/graphite-1.3.10/ChangeLog --- old/graphite-1.3.9/ChangeLog 2016-11-11 10:53:21.000000000 +0100 +++ new/graphite-1.3.10/ChangeLog 2017-05-05 17:35:18.000000000 +0200 @@ -1,3 +1,7 @@ +1.3.10 + . Address floating point build parameters to give consistent positioning results across platforms + . Various bug fixes + 1.3.9 . Add Collision COLL_ISSPACE to allow for visible spaces in collision avoidance . Add segment and pass direction information to tracing output diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/graphite-1.3.9/debian-src/changelog new/graphite-1.3.10/debian-src/changelog --- old/graphite-1.3.9/debian-src/changelog 2016-11-11 10:53:21.000000000 +0100 +++ new/graphite-1.3.10/debian-src/changelog 2017-05-05 17:35:18.000000000 +0200 @@ -1,3 +1,9 @@ +graphite2 (1.3.10~palaso1) xenial; urgency=medium + + * Minor features and bug fix release + + -- Martin Hosken <[email protected]> Thu, 07 Jul 2016 09:02:07 +0100 + graphite2 (1.3.9~palaso1) xenial; urgency=medium * Minor features and bug fix release diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/graphite-1.3.9/doc/hacking.txt new/graphite-1.3.10/doc/hacking.txt --- old/graphite-1.3.9/doc/hacking.txt 2016-11-11 10:53:21.000000000 +0100 +++ new/graphite-1.3.10/doc/hacking.txt 2017-05-05 17:35:18.000000000 +0200 @@ -47,6 +47,18 @@ GRAPHITE2_CUSTOM_HEADER:: If set, then the value of this macro will be included as a header in Main.h (in effect, all source files). See Main.h for details. +=== Floating point maths === + +On some Intel 32 bit processors, gcc on Linux, will attempt to optimise floating point operations by keeping +floating point values in 80 bit (or larger) float registers for as long as possible. In some of the floating +point maths performed for collision detection this results in error accumlating which produces different +results between 64 bit and 32 bit native code. The current work around is to pass either -ffloat-store (the +slow but widely compatible option) or -mfpmath=sse -msse2 (the faster but not as generic), this causes float +values to be rounded between every opteration or the use of sse float operations which are more strictly +specified and therfore more predictable across processor generations. +This has not been observed to be an issue on 32 bit MSVC or Mac 32 bit compilers and is not an issue on ARM 32 +bit either. + === Thread Safety === The Graphite engine has no locking or thread safe storage. But it is possible to use the Graphite engine in a thread safe manner. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/graphite-1.3.9/doc/release.txt new/graphite-1.3.10/doc/release.txt --- old/graphite-1.3.9/doc/release.txt 2016-11-11 10:53:21.000000000 +0100 +++ new/graphite-1.3.10/doc/release.txt 2017-05-05 17:35:18.000000000 +0200 @@ -17,7 +17,7 @@ The release is done by: . git tag -s <version> -. git archive -o graphite2-<version>.tgz --prefix=graphite2-<version> <version> +. git archive -o graphite2-<version>.tgz --prefix=graphite2-<version>/ <version> . git archive -o graphite2-minimal-<version>.tgz --prefix=graphite2-<version>/ <version> include src LICENSE COPYING README.md . sha1sum graphite2-<version>.tgz graphite2-minimal-<version>.tgz > graphite2-<version>.sha1sum . Then push up to sf.net/projects/silgraphite and projects.palaso.org/graphiteng-dev diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/graphite-1.3.9/include/graphite2/Font.h new/graphite-1.3.10/include/graphite2/Font.h --- old/graphite-1.3.9/include/graphite2/Font.h 2016-11-11 10:53:21.000000000 +0100 +++ new/graphite-1.3.10/include/graphite2/Font.h 2017-05-05 17:35:18.000000000 +0200 @@ -30,7 +30,7 @@ #define GR2_VERSION_MAJOR 1 #define GR2_VERSION_MINOR 3 -#define GR2_VERSION_BUGFIX 9 +#define GR2_VERSION_BUGFIX 10 #ifdef __cplusplus extern "C" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/graphite-1.3.9/src/CMakeLists.txt new/graphite-1.3.10/src/CMakeLists.txt --- old/graphite-1.3.9/src/CMakeLists.txt 2016-11-11 10:53:21.000000000 +0100 +++ new/graphite-1.3.10/src/CMakeLists.txt 2017-05-05 17:35:18.000000000 +0200 @@ -111,6 +111,9 @@ COMPILE_FLAGS "-Wall -Wextra -Wno-unknown-pragmas -Wendif-labels -Wshadow -Wctor-dtor-privacy -Wnon-virtual-dtor -fno-rtti -fno-exceptions -fvisibility=hidden -fvisibility-inlines-hidden -fno-stack-protector" LINK_FLAGS "-nodefaultlibs ${GRAPHITE_LINK_FLAGS}" LINKER_LANGUAGE C) + if (${CMAKE_SYSTEM_PROCESSOR} MATCHES "x86|i.86") + add_definitions(-mfpmath=sse -msse2) + endif (${CMAKE_SYSTEM_PROCESSOR} MATCHES "x86|i.86") if (CMAKE_COMPILER_IS_GNUCXX) add_definitions(-Wdouble-promotion) endif (CMAKE_COMPILER_IS_GNUCXX) @@ -135,7 +138,7 @@ if (${CMAKE_SYSTEM_NAME} STREQUAL "Darwin") set_target_properties(graphite2 PROPERTIES - COMPILE_FLAGS "-Wall -Wextra -Wno-unknown-pragmas -Wimplicit-fallthrough -Wendif-labels -Wshadow -Wno-ctor-dtor-privacy -Wno-non-virtual-dtor -fno-rtti -fno-exceptions -fvisibility=hidden -fvisibility-inlines-hidden -fno-stack-protector" + COMPILE_FLAGS "-Wall -Wextra -Wno-unknown-pragmas -Wimplicit-fallthrough -Wendif-labels -Wshadow -Wno-ctor-dtor-privacy -Wno-non-virtual-dtor -fno-rtti -fno-exceptions -fvisibility=hidden -fvisibility-inlines-hidden -fno-stack-protector -mfpmath=sse -msse2" LINK_FLAGS "-nodefaultlibs" LINKER_LANGUAGE C) target_link_libraries(graphite2 c) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/graphite-1.3.9/src/Collider.cpp new/graphite-1.3.10/src/Collider.cpp --- old/graphite-1.3.9/src/Collider.cpp 2016-11-11 10:53:21.000000000 +0100 +++ new/graphite-1.3.10/src/Collider.cpp 2017-05-05 17:35:18.000000000 +0200 @@ -262,7 +262,7 @@ // Adjust the movement limits for the target to avoid having it collide // with the given neighbor slot. Also determine if there is in fact a collision // between the target and the given slot. -bool ShiftCollider::mergeSlot(Segment *seg, Slot *slot, const Position &currShift, +bool ShiftCollider::mergeSlot(Segment *seg, Slot *slot, const SlotCollision *cslot, const Position &currShift, bool isAfter, // slot is logically after _target bool sameCluster, bool &hasCol, bool isExclusion, GR_MAYBE_UNUSED json * const dbgout ) @@ -282,7 +282,7 @@ return false; const BBox &bb = gc.getBoundingBBox(gid); - SlotCollision * cslot = seg->collisionInfo(slot); + // SlotCollision * cslot = seg->collisionInfo(slot); int orderFlags = 0; bool sameClass = _seqProxClass == 0 && cslot->seqClass() == _seqClass; if (sameCluster && _seqClass @@ -561,7 +561,8 @@ exclSlot->setGlyph(seg, cslot->exclGlyph()); Position exclOrigin(slot->origin() + cslot->exclOffset()); exclSlot->origin(exclOrigin); - res &= mergeSlot(seg, exclSlot, currShift, isAfter, sameCluster, isCol, true, dbgout ); + SlotCollision exclInfo(seg, exclSlot); + res &= mergeSlot(seg, exclSlot, &exclInfo, currShift, isAfter, sameCluster, isCol, true, dbgout ); seg->freeSlot(exclSlot); } hasCol |= isCol; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/graphite-1.3.9/src/Decompressor.cpp new/graphite-1.3.10/src/Decompressor.cpp --- old/graphite-1.3.9/src/Decompressor.cpp 2016-11-11 10:53:21.000000000 +0100 +++ new/graphite-1.3.10/src/Decompressor.cpp 2017-05-05 17:35:18.000000000 +0200 @@ -51,7 +51,7 @@ literal = src; src += literal_len; - if (src > end - 2) + if (src > end - 2 || src < literal) return false; match_dist = *src++; @@ -85,7 +85,7 @@ { // Copy in literal. At this point the last full sequence must be at // least MINMATCH + 5 from the end of the output buffer. - if (dst + align(literal_len) > dst_end - (MINMATCH+5)) + if (align(literal_len) > unsigned(dst_end - dst - (MINMATCH+5)) || dst_end - dst < MINMATCH + 5) return -1; dst = overrun_copy(dst, literal, literal_len); } @@ -94,7 +94,9 @@ // decoded output. u8 const * const pcpy = dst - match_dist; if (pcpy < static_cast<u8*>(out) - || dst + match_len + MINMATCH > dst_end - 5) + || pcpy >= dst + || match_len > unsigned(dst_end - dst - (MINMATCH+5)) + || dst_end - dst < MINMATCH + 5) return -1; if (dst > pcpy+sizeof(unsigned long) && dst + align(match_len + MINMATCH) <= dst_end) @@ -103,8 +105,8 @@ dst = safe_copy(dst, pcpy, match_len + MINMATCH); } - if (literal + literal_len > src_end - || dst + literal_len > dst_end) + if (literal_len > src_end - literal + || literal_len > dst_end - dst) return -1; dst = fast_copy(dst, literal, literal_len); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/graphite-1.3.9/src/FeatureMap.cpp new/graphite-1.3.10/src/FeatureMap.cpp --- old/graphite-1.3.9/src/FeatureMap.cpp 2016-11-11 10:53:21.000000000 +0100 +++ new/graphite-1.3.10/src/FeatureMap.cpp 2017-05-05 17:35:18.000000000 +0200 @@ -275,7 +275,8 @@ else if (pDest.m_pMap!=&m_pFace->theSill().theFeatureMap()) return false; //incompatible - pDest.reserve(m_index); + if (m_index >= pDest.size()) + pDest.resize(m_index+1); pDest[m_index] &= ~m_mask; pDest[m_index] |= (uint32(val) << m_bits); return true; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/graphite-1.3.9/src/GlyphCache.cpp new/graphite-1.3.10/src/GlyphCache.cpp --- old/graphite-1.3.9/src/GlyphCache.cpp 2016-11-11 10:53:21.000000000 +0100 +++ new/graphite-1.3.10/src/GlyphCache.cpp 2017-05-05 17:35:18.000000000 +0200 @@ -380,12 +380,16 @@ be::skip<uint16>(gloc,2); if (_long_fmt) { + if (8 + glyphid * sizeof(uint32) > m_pGloc.size()) + return 0; be::skip<uint32>(gloc, glyphid); glocs = be::read<uint32>(gloc); gloce = be::peek<uint32>(gloc); } else { + if (8 + glyphid * sizeof(uint16) > m_pGloc.size()) + return 0; be::skip<uint16>(gloc, glyphid); glocs = be::read<uint16>(gloc); gloce = be::peek<uint16>(gloc); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/graphite-1.3.9/src/Pass.cpp new/graphite-1.3.10/src/Pass.cpp --- old/graphite-1.3.9/src/Pass.cpp 2016-11-11 10:53:21.000000000 +0100 +++ new/graphite-1.3.10/src/Pass.cpp 2017-05-05 17:35:18.000000000 +0200 @@ -171,7 +171,7 @@ const uint16 * const o_actions = reinterpret_cast<const uint16 *>(p); be::skip<uint16>(p, m_numRules + 1); const byte * const states = p; - if (e.test(p + 2u*m_numTransition*m_numColumns >= pass_end, E_BADPASSLENGTH)) return face.error(e); + if (e.test(2u*m_numTransition*m_numColumns >= (unsigned)(pass_end - p), E_BADPASSLENGTH)) return face.error(e); be::skip<int16>(p, m_numTransition*m_numColumns); be::skip<uint8>(p); if (e.test(p != pcCode, E_BADPASSCCODEPTR)) return face.error(e); @@ -192,7 +192,7 @@ m_cPConstraint = vm::Machine::Code(true, pcCode, pcCode + pass_constraint_len, precontext[0], be::peek<uint16>(sort_keys), *m_silf, face, PASS_TYPE_UNKNOWN); if (e.test(!m_cPConstraint, E_OUTOFMEM) - || e.test(!m_cPConstraint, m_cPConstraint.status() + E_CODEFAILURE)) + || e.test(m_cPConstraint.status() != Code::loaded, m_cPConstraint.status() + E_CODEFAILURE)) return face.error(e); face.error_context(face.error_context() - 1); } @@ -974,7 +974,7 @@ || !(cNbor->flags() & SlotCollision::COLL_FIX) // merge in immovable stuff || ((cNbor->flags() & SlotCollision::COLL_KERN) && !sameCluster) // ignore other kernable clusters || (cNbor->flags() & SlotCollision::COLL_ISCOL)) // test against other collided glyphs - && !coll.mergeSlot(seg, nbor, cNbor->shift(), !ignoreForKern, sameCluster, collides, false, dbgout)) + && !coll.mergeSlot(seg, nbor, cNbor, cNbor->shift(), !ignoreForKern, sameCluster, collides, false, dbgout)) return false; else if (nbor == slotFix) // Switching sides of this glyph - if we were ignoring kernable stuff before, don't anymore. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/graphite-1.3.9/src/Silf.cpp new/graphite-1.3.10/src/Silf.cpp --- old/graphite-1.3.9/src/Silf.cpp 2016-11-11 10:53:21.000000000 +0100 +++ new/graphite-1.3.10/src/Silf.cpp 2017-05-05 17:35:18.000000000 +0200 @@ -155,8 +155,8 @@ be::skip<uint32>(p, be::read<uint8>(p)); // don't use scriptTag array. if (e.test(p + sizeof(uint16) + sizeof(uint32) >= silf_end, E_BADSCRIPTTAGS)) { releaseBuffers(); return face.error(e); } m_gEndLine = be::read<uint16>(p); // lbGID - const byte * o_passes = p, - * const passes_start = silf_start + be::read<uint32>(p); + const byte * o_passes = p; + uint32 passes_start = be::read<uint32>(p); const size_t num_attrs = face.glyphs().numAttrs(); if (e.test(m_aPseudo >= num_attrs, E_BADAPSEUDO) @@ -164,7 +164,7 @@ || e.test(m_aBidi >= num_attrs, E_BADABIDI) || e.test(m_aMirror>= num_attrs, E_BADAMIRROR) || e.test(m_aCollision && m_aCollision >= num_attrs - 5, E_BADACOLLISION) - || e.test(m_numPasses > 128, E_BADNUMPASSES) || e.test(passes_start >= silf_end, E_BADPASSESSTART) + || e.test(m_numPasses > 128, E_BADNUMPASSES) || e.test(passes_start >= lSilf, E_BADPASSESSTART) || e.test(m_pPass < m_sPass, E_BADPASSBOUND) || e.test(m_pPass > m_numPasses, E_BADPPASS) || e.test(m_sPass > m_numPasses, E_BADSPASS) || e.test(m_jPass < m_pPass, E_BADJPASSBOUND) || e.test(m_jPass > m_numPasses, E_BADJPASS) || e.test((m_bPass != 0xFF && (m_bPass < m_jPass || m_bPass > m_numPasses)), E_BADBPASS) @@ -174,11 +174,11 @@ return face.error(e); } be::skip<uint32>(p, m_numPasses); - if (e.test(p + sizeof(uint16) >= passes_start, E_BADPASSESSTART)) { releaseBuffers(); return face.error(e); } + if (e.test(unsigned(p - silf_start) + sizeof(uint16) >= passes_start, E_BADPASSESSTART)) { releaseBuffers(); return face.error(e); } m_numPseudo = be::read<uint16>(p); be::skip<uint16>(p, 3); // searchPseudo, pseudoSelector, pseudoShift m_pseudos = new Pseudo[m_numPseudo]; - if (e.test(p + m_numPseudo*(sizeof(uint32) + sizeof(uint16)) >= passes_start, E_BADNUMPSEUDO) + if (e.test(unsigned(p - silf_start) + m_numPseudo*(sizeof(uint32) + sizeof(uint16)) >= passes_start, E_BADNUMPSEUDO) || e.test(!m_pseudos, E_OUTOFMEM)) { releaseBuffers(); return face.error(e); @@ -189,20 +189,20 @@ m_pseudos[i].gid = be::read<uint16>(p); } - const size_t clen = readClassMap(p, passes_start - p, version, e); + const size_t clen = readClassMap(p, passes_start + silf_start - p, version, e); m_passes = new Pass[m_numPasses]; - if (e || e.test(p + clen > passes_start, E_BADPASSESSTART) + if (e || e.test(clen > unsigned(passes_start + silf_start - p), E_BADPASSESSTART) || e.test(!m_passes, E_OUTOFMEM)) { releaseBuffers(); return face.error(e); } for (size_t i = 0; i < m_numPasses; ++i) { - const byte * const pass_start = silf_start + be::read<uint32>(o_passes), - * const pass_end = silf_start + be::peek<uint32>(o_passes); + uint32 pass_start = be::read<uint32>(o_passes); + uint32 pass_end = be::peek<uint32>(o_passes); face.error_context((face.error_context() & 0xFF00) + EC_ASILF + (i << 16)); if (e.test(pass_start > pass_end, E_BADPASSSTART) || e.test(pass_start < passes_start, E_BADPASSSTART) - || e.test(pass_end > silf_end, E_BADPASSEND)) { + || e.test(pass_end > lSilf, E_BADPASSEND)) { releaseBuffers(); return face.error(e); } @@ -213,7 +213,7 @@ else pt = PASS_TYPE_LINEBREAK; m_passes[i].init(this); - if (!m_passes[i].readPass(pass_start, pass_end - pass_start, pass_start - silf_start, face, pt, + if (!m_passes[i].readPass(silf_start + pass_start, pass_end - pass_start, pass_start, face, pt, version, e)) { releaseBuffers(); @@ -293,7 +293,8 @@ if (e.test(*o + 4 > max_off, E_HIGHCLASSOFFSET) // LookupClass doesn't stretch over max_off || e.test(lookup[0] == 0 // A LookupClass with no looks is a suspicious thing ... || lookup[0] * 2 + *o + 4 > max_off // numIDs lookup pairs fits within (start of LookupClass' lookups array, max_off] - || lookup[3] + lookup[1] != lookup[0], E_BADCLASSLOOKUPINFO)) // rangeShift: numIDs - searchRange + || lookup[3] + lookup[1] != lookup[0], E_BADCLASSLOOKUPINFO) // rangeShift: numIDs - searchRange + || e.test(((o[1] - *o) & 1) != 0, ERROROFFSET)) // glyphs are in pairs so difference must be even. return ERROROFFSET; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/graphite-1.3.9/src/inc/Collider.h new/graphite-1.3.10/src/inc/Collider.h --- old/graphite-1.3.9/src/inc/Collider.h 2016-11-11 10:53:21.000000000 +0100 +++ new/graphite-1.3.10/src/inc/Collider.h 2017-05-05 17:35:18.000000000 +0200 @@ -133,7 +133,7 @@ bool initSlot(Segment *seg, Slot *aSlot, const Rect &constraint, float margin, float marginMin, const Position &currShift, const Position &currOffset, int dir, GR_MAYBE_UNUSED json * const dbgout); - bool mergeSlot(Segment *seg, Slot *slot, const Position &currShift, bool isAfter, + bool mergeSlot(Segment *seg, Slot *slot, const SlotCollision *cinfo, const Position &currShift, bool isAfter, bool sameCluster, bool &hasCol, bool isExclusion, GR_MAYBE_UNUSED json * const dbgout); Position resolve(Segment *seg, bool &isCol, GR_MAYBE_UNUSED json * const dbgout); void addBox_slope(bool isx, const Rect &box, const BBox &bb, const SlantBox &sb, const Position &org, float weight, float m, bool minright, int mode); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/graphite-1.3.9/src/inc/UtfCodec.h new/graphite-1.3.10/src/inc/UtfCodec.h --- old/graphite-1.3.9/src/inc/UtfCodec.h 2016-11-11 10:53:21.000000000 +0100 +++ new/graphite-1.3.10/src/inc/UtfCodec.h 2017-05-05 17:35:18.000000000 +0200 @@ -124,7 +124,7 @@ private: static const int8 sz_lut[16]; static const byte mask_lut[5]; - + static const uchar_t limit = 0x110000; public: typedef uint8 codeunit_t; @@ -157,7 +157,7 @@ case 0: l = -1; return 0xFFFD; } - if (l != seq_sz || toolong) + if (l != seq_sz || toolong || u >= limit) { l = -l; return 0xFFFD; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/graphite-1.3.9/src/inc/locale2lcid.h new/graphite-1.3.10/src/inc/locale2lcid.h --- old/graphite-1.3.9/src/inc/locale2lcid.h 2016-11-11 10:53:21.000000000 +0100 +++ new/graphite-1.3.10/src/inc/locale2lcid.h 2017-05-05 17:35:18.000000000 +0200 @@ -36,8 +36,8 @@ struct IsoLangEntry { unsigned short mnLang; - const char maLangStr[4]; - const char maCountry[3]; + char maLangStr[4]; + char maCountry[3]; }; // Windows Language ID, Locale ISO-639 language, country code as used in diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/graphite-1.3.9/tests/utftest/utftest.cpp new/graphite-1.3.10/tests/utftest/utftest.cpp --- old/graphite-1.3.9/tests/utftest/utftest.cpp 2016-11-11 10:53:21.000000000 +0100 +++ new/graphite-1.3.10/tests/utftest/utftest.cpp 2017-05-05 17:35:18.000000000 +0200 @@ -8,6 +8,9 @@ unsigned char str[12]; }; struct test8 tests8[] = { + { 0, 0, {0xF4, 0x90, 0x80, 0x80, 0, 0, 0, 0, 0, 0, 0, 0} }, // bad(4) [U+110000] + { 0, 0, {0xC0, 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} }, // bad(4) [U+110000] + { 0, 0, {0xA0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} }, // bad(4) [U+110000] { 4, -1, {0x7F, 0xDF, 0xBF, 0xEF, 0xBF, 0xBF, 0xF4, 0x8F, 0xBF, 0xBF, 0, 0} }, // U+7F, U+7FF, U+FFFF, U+10FFF { 2, 3, {0x7F, 0xDF, 0xBF, 0xF0, 0x8F, 0xBF, 0xBF, 0xF4, 0x8F, 0xBF, 0xBF, 0} }, // U+7F, U+7FF, long(U+FFFF), U+10FFF { 1, 1, {0x7F, 0xE0, 0x9F, 0xBF, 0xEF, 0xBF, 0xBF, 0xF4, 0x8F, 0xBF, 0xBF, 0} }, // U+7F, long(U+7FF), U+FFFF, U+10FFF
