src/hb-aat-layout-common.hh | 7 ++++--- src/hb-aat-layout-morx-table.hh | 8 ++++---- src/hb-buffer.hh | 5 ++++- src/hb-ot-hmtx-table.hh | 2 +- 4 files changed, 13 insertions(+), 9 deletions(-)
New commits: commit 1c76c8f6ff7877e486f6e94d04b2dc65348b26d5 Author: Behdad Esfahbod <beh...@behdad.org> Date: Sun Oct 14 19:39:31 2018 -0700 [morx] Handle end-of-text conditions in Insertion Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10955 diff --git a/src/hb-aat-layout-morx-table.hh b/src/hb-aat-layout-morx-table.hh index b902fd79..544dedde 100644 --- a/src/hb-aat-layout-morx-table.hh +++ b/src/hb-aat-layout-morx-table.hh @@ -620,12 +620,12 @@ struct InsertionSubtable unsigned int end = buffer->out_len; buffer->move_to (mark); - if (!before) + if (buffer->idx < buffer->len && !before) buffer->copy_glyph (); /* TODO We ignore KashidaLike setting. */ for (unsigned int i = 0; i < count; i++) buffer->output_glyph (glyphs[i]); - if (!before) + if (buffer->idx < buffer->len && !before) buffer->skip_glyph (); buffer->move_to (end + count); @@ -644,12 +644,12 @@ struct InsertionSubtable unsigned int end = buffer->out_len; - if (!before) + if (buffer->idx < buffer->len && !before) buffer->copy_glyph (); /* TODO We ignore KashidaLike setting. */ for (unsigned int i = 0; i < count; i++) buffer->output_glyph (glyphs[i]); - if (!before) + if (buffer->idx < buffer->len && !before) buffer->skip_glyph (); /* Humm. Not sure where to move to. There's this wording under commit 60c13976733ea05e71c66c486d62e31ffbb71bac Author: Behdad Esfahbod <beh...@behdad.org> Date: Sun Oct 14 19:36:46 2018 -0700 [buffer] Fix output_glyph at end of buffer Part of https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10955 diff --git a/src/hb-buffer.hh b/src/hb-buffer.hh index 9628ddae..0d888e1e 100644 --- a/src/hb-buffer.hh +++ b/src/hb-buffer.hh @@ -229,7 +229,10 @@ struct hb_buffer_t { if (unlikely (!make_room_for (0, 1))) return Crap(hb_glyph_info_t); - out_info[out_len] = info[idx]; + if (unlikely (idx == len && !out_len)) + return Crap(hb_glyph_info_t); + + out_info[out_len] = idx < len ? info[idx] : out_info[out_len - 1]; out_info[out_len].codepoint = glyph_index; out_len++; commit 7efa38257b6f79d1c6e2a9bad29c33af276abe29 Author: Behdad Esfahbod <beh...@behdad.org> Date: Sun Oct 14 19:30:44 2018 -0700 [aat] More protection against buffer fail diff --git a/src/hb-aat-layout-common.hh b/src/hb-aat-layout-common.hh index eda5151c..432b9e85 100644 --- a/src/hb-aat-layout-common.hh +++ b/src/hb-aat-layout-common.hh @@ -507,9 +507,10 @@ struct StateTableDriver if (!c->in_place) { - for (; buffer->idx < buffer->len;) - buffer->next_glyph (); - buffer->swap_buffers (); + for (; buffer->successful && buffer->idx < buffer->len;) + buffer->next_glyph (); + if (likely (buffer->successful)) + buffer->swap_buffers (); } } commit e1add2a275a8afa5efc22aa44a4e62646f0b0ba4 Author: Behdad Esfahbod <beh...@behdad.org> Date: Sun Oct 14 16:26:03 2018 -0700 [hmtx] Whitespace diff --git a/src/hb-ot-hmtx-table.hh b/src/hb-ot-hmtx-table.hh index 363395ab..c4c15f5d 100644 --- a/src/hb-ot-hmtx-table.hh +++ b/src/hb-ot-hmtx-table.hh @@ -249,7 +249,7 @@ struct hmtxvmtx hb_blob_destroy (var_blob); } - inline unsigned int get_advance (hb_codepoint_t glyph) const + inline unsigned int get_advance (hb_codepoint_t glyph) const { if (unlikely (glyph >= num_metrics)) { _______________________________________________ HarfBuzz mailing list HarfBuzz@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/harfbuzz