[HarfBuzz] harfbuzz: Branch 'master' - 3 commits

2018-10-13 Thread Behdad Esfahbod
 src/hb-aat-layout.cc |   93 +
 src/hb-aat-layout.hh |   22 ++
 src/hb-coretext.cc   |  186 ---
 3 files changed, 117 insertions(+), 184 deletions(-)

New commits:
commit 56b8dd17f677ffe97e4d917c47924e1ac7632c71
Author: Behdad Esfahbod 
Date:   Sat Oct 13 19:03:33 2018 -0400

[aat] Finish off massaging table

diff --git a/src/hb-aat-layout.cc b/src/hb-aat-layout.cc
index e15531cc..e9da850b 100644
--- a/src/hb-aat-layout.cc
+++ b/src/hb-aat-layout.cc
@@ -38,95 +38,94 @@
 
 
 /* Table data courtesy of Apple.  Converted from mnemonics to integers
- * when moving to this file.  See hb-coretext.cc before 2018-10-13 for
- * more verbose version. */
+ * when moving to this file. */
 static const hb_aat_feature_mapping_t feature_mappings[] =
 {
-{ 'c2pc',   kUpperCaseType, kUpperCasePetiteCapsSelector,  
 kDefaultUpperCaseSelector },
-{ 'c2sc',   kUpperCaseType, kUpperCaseSmallCapsSelector,   
 kDefaultUpperCaseSelector },
-{ 'calt',   kContextualAlternatesType,  kContextualAlternatesOnSelector,   
 kContextualAlternatesOffSelector },
-{ 'case',   kCaseSensitiveLayoutType,   kCaseSensitiveLayoutOnSelector,
 kCaseSensitiveLayoutOffSelector },
-{ 'clig',   kLigaturesType, kContextualLigaturesOnSelector,
 kContextualLigaturesOffSelector },
-{ 'cpsp',   kCaseSensitiveLayoutType,   kCaseSensitiveSpacingOnSelector,   
 kCaseSensitiveSpacingOffSelector },
-{ 'cswh',   kContextualAlternatesType,  
kContextualSwashAlternatesOnSelector,   kContextualSwashAlternatesOffSelector },
-{ 'dlig',   kLigaturesType, kRareLigaturesOnSelector,  
 kRareLigaturesOffSelector },
-{ 'expt',   kCharacterShapeType,kExpertCharactersSelector, 
 16 },
-{ 'frac',   kFractionsType, kDiagonalFractionsSelector,
 kNoFractionsSelector },
-{ 'fwid',   kTextSpacingType,   kMonospacedTextSelector,   
 7 },
-{ 'halt',   kTextSpacingType,   kAltHalfWidthTextSelector, 
 7 },
-{ 'hist',   kLigaturesType, kHistoricalLigaturesOnSelector,
 kHistoricalLigaturesOffSelector },
-{ 'hkna',   kAlternateKanaType, kAlternateHorizKanaOnSelector, 
 kAlternateHorizKanaOffSelector, },
-{ 'hlig',   kLigaturesType, kHistoricalLigaturesOnSelector,
 kHistoricalLigaturesOffSelector },
-{ 'hngl',   kTransliterationType,   kHanjaToHangulSelector,
 kNoTransliterationSelector },
-{ 'hojo',   kCharacterShapeType,kHojoCharactersSelector,   
 16 },
-{ 'hwid',   kTextSpacingType,   kHalfWidthTextSelector,
 7 },
-{ 'ital',   kItalicCJKRomanType,kCJKItalicRomanOnSelector, 
 kCJKItalicRomanOffSelector },
-{ 'jp04',   kCharacterShapeType,kJIS2004CharactersSelector,
 16 },
-{ 'jp78',   kCharacterShapeType,kJIS1978CharactersSelector,
 16 },
-{ 'jp83',   kCharacterShapeType,kJIS1983CharactersSelector,
 16 },
-{ 'jp90',   kCharacterShapeType,kJIS1990CharactersSelector,
 16 },
-{ 'liga',   kLigaturesType, kCommonLigaturesOnSelector,
 kCommonLigaturesOffSelector },
-{ 'lnum',   kNumberCaseType,kUpperCaseNumbersSelector, 
 2 },
-{ 'mgrk',   kMathematicalExtrasType,kMathematicalGreekOnSelector,  
 kMathematicalGreekOffSelector },
-{ 'nlck',   kCharacterShapeType,kNLCCharactersSelector,
 16 },
-{ 'onum',   kNumberCaseType,kLowerCaseNumbersSelector, 
 2 },
-{ 'ordn',   kVerticalPositionType,  kOrdinalsSelector, 
 kNormalPositionSelector },
-{ 'palt',   kTextSpacingType,   kAltProportionalTextSelector,  
 7 },
-{ 'pcap',   kLowerCaseType, kLowerCasePetiteCapsSelector,  
 kDefaultLowerCaseSelector },
-{ 'pkna',   kTextSpacingType,   kProportionalTextSelector, 
 7 },
-{ 'pnum',   kNumberSpacingType, kProportionalNumbersSelector,  
 4 },
-{ 'pwid',   kTextSpacingType,   kProportionalTextSelector, 
 7 },
-{ 'qwid',   kTextSpacingType,   kQuarterWidthTextSelector, 
 7 },
-{ 'ruby',   kRubyKanaType,  kRubyKanaOnSelector,   
 kRubyKanaOffSelector },
-{ 'sinf',   kVerticalPositionType,  kScientificInferiorsSelector,  
 kNormalPositionSelector },
-{ 'smcp',   kLowerCaseType, kLowerCaseSmallCapsSelector,   
 kDefaultLowerCaseSelector },
-{ 'smpl',   kCharacterShapeType,kSimplifiedCharactersSelector, 
 16 },
-{ 'ss01',   kStylisticAlternativesType, kStylisticAltOne

[HarfBuzz] harfbuzz: Branch 'master'

2018-10-13 Thread Behdad Esfahbod
 src/hb-aat-layout-kerx-table.hh |9 ++---
 1 file changed, 6 insertions(+), 3 deletions(-)

New commits:
commit de6e414c565de5f27b9da8c7b8b11f88659a4c42
Author: Behdad Esfahbod 
Date:   Sat Oct 13 13:48:22 2018 -0400

[kerx] Sanitize more

diff --git a/src/hb-aat-layout-kerx-table.hh b/src/hb-aat-layout-kerx-table.hh
index 95dd50dd..52923a8d 100644
--- a/src/hb-aat-layout-kerx-table.hh
+++ b/src/hb-aat-layout-kerx-table.hh
@@ -256,7 +256,8 @@ struct KerxSubTableFormat2
 TRACE_SANITIZE (this);
 return_trace (likely (rowWidth.sanitize (c) &&
  leftClassTable.sanitize (c, this) &&
- rightClassTable.sanitize (c, this)));
+ rightClassTable.sanitize (c, this) &&
+ c->check_range (this, array)));
   }
 
   struct accelerator_t
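Review bot: The added `c->check_range (this, array)` in KerxSubTableFormat2::sanitize appears to validate only the bytes between `this` and the start of the kerning array, not the array's extent. This assumes check_range takes a base pointer plus a length and that `array` converts to its offset value. Every element read then still depends on the per-lookup check in get_kerning, and a comment should say so, for example `/* Only the array start is checked here; elements are bounds-checked per lookup in get_kerning(). */`. The same applies to the `u.l.array` and `u.s.array` checks in the KerxSubTableFormat6 hunk below. The sanitize body starts outside the hunk.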
@@ -516,10 +517,12 @@ struct KerxSubTableFormat6
  is_long () ?
  (
u.l.rowIndexTable.sanitize (c, this) &&
-   u.l.columnIndexTable.sanitize (c, this)
+   u.l.columnIndexTable.sanitize (c, this) &&
+   c->check_range (this, u.l.array)
  ) : (
u.s.rowIndexTable.sanitize (c, this) &&
-   u.s.columnIndexTable.sanitize (c, this)
+   u.s.columnIndexTable.sanitize (c, this) &&
+   c->check_range (this, u.s.array)
  )));
   }
 


[HarfBuzz] harfbuzz: Branch 'master'

2018-10-13 Thread Behdad Esfahbod
 src/hb-aat-layout-kerx-table.hh |   18 +-
 1 file changed, 9 insertions(+), 9 deletions(-)

New commits:
commit 71f76f2f39c88998b430b171c99b85818d4fa0ab
Author: Behdad Esfahbod 
Date:   Sat Oct 13 13:36:27 2018 -0400

[kerx] Fix-up previous commit

A "&" was missing.  Go back to using pointers that are less error-prone.

diff --git a/src/hb-aat-layout-kerx-table.hh b/src/hb-aat-layout-kerx-table.hh
index d65f3093..95dd50dd 100644
--- a/src/hb-aat-layout-kerx-table.hh
+++ b/src/hb-aat-layout-kerx-table.hh
@@ -232,9 +232,9 @@ struct KerxSubTableFormat2
 unsigned int l = (this+leftClassTable).get_value_or_null (left, 
num_glyphs);
 unsigned int r = (this+rightClassTable).get_value_or_null (right, 
num_glyphs);
 unsigned int offset = l + r;
-const FWORD v = StructAtOffset (&(this+array), offset);
-if (unlikely (!v.sanitize (&c->sanitizer))) return 0;
-return v;
+const FWORD *v = &StructAtOffset (&(this+array), offset);
+if (unlikely (!v->sanitize (&c->sanitizer))) return 0;
+return *v;
   }
 
   inline bool apply (hb_aat_apply_context_t *c) const
@@ -479,9 +479,9 @@ struct KerxSubTableFormat6
   unsigned int offset = l + r;
   if (unlikely (offset < l)) return 0; /* Addition overflow. */
   if (unlikely (hb_unsigned_mul_overflows (offset, sizeof (FWORD32 
return 0;
-  const FWORD32 &v = StructAtOffset (&(this+t.array), offset * 
sizeof (FWORD32));
-  if (unlikely (!v.sanitize (&c->sanitizer))) return 0;
-  return v;
+  const FWORD32 *v = &StructAtOffset (&(this+t.array), offset * 
sizeof (FWORD32));
+  if (unlikely (!v->sanitize (&c->sanitizer))) return 0;
+  return *v;
 }
 else
 {
@@ -489,9 +489,9 @@ struct KerxSubTableFormat6
   unsigned int l = (this+t.rowIndexTable).get_value_or_null (left, 
num_glyphs);
   unsigned int r = (this+t.columnIndexTable).get_value_or_null (right, 
num_glyphs);
   unsigned int offset = l + r;
-  const FWORD &v = StructAtOffset (&(this+t.array), offset * sizeof 
(FWORD));
-  if (unlikely (!v.sanitize (&c->sanitizer))) return 0;
-  return v;
+  const FWORD *v = &StructAtOffset (&(this+t.array), offset * 
sizeof (FWORD));
+  if (unlikely (!v->sanitize (&c->sanitizer))) return 0;
+  return *v;
 }
   }
 


[HarfBuzz] harfbuzz: Branch 'master' - 2 commits

2018-10-13 Thread Behdad Esfahbod
 src/hb-aat-layout-kerx-table.hh |   56 
 1 file changed, 23 insertions(+), 33 deletions(-)

New commits:
commit 6d4b054234b4736ca9927268ee3e2d9a0f8f6ead
Author: Behdad Esfahbod 
Date:   Sat Oct 13 12:20:33 2018 -0400

[kerx] Use sanitizer instead of handcoded runtime sanitization

diff --git a/src/hb-aat-layout-kerx-table.hh b/src/hb-aat-layout-kerx-table.hh
index 2004e579..d65f3093 100644
--- a/src/hb-aat-layout-kerx-table.hh
+++ b/src/hb-aat-layout-kerx-table.hh
@@ -232,11 +232,9 @@ struct KerxSubTableFormat2
 unsigned int l = (this+leftClassTable).get_value_or_null (left, 
num_glyphs);
 unsigned int r = (this+rightClassTable).get_value_or_null (right, 
num_glyphs);
 unsigned int offset = l + r;
-const FWORD *v = &StructAtOffset (&(this+array), offset);
-if (unlikely ((const char *) v < (const char *) &array ||
- (const char *) v - (const char *) this > header.length - 
v->static_size))
-  return 0;
-return *v;
+const FWORD v = StructAtOffset (&(this+array), offset);
+if (unlikely (!v.sanitize (&c->sanitizer))) return 0;
+return v;
   }
 
   inline bool apply (hb_aat_apply_context_t *c) const
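Review bot: `const FWORD v = StructAtOffset (&(this+array), offset);` copies the value out of the table before anything has been validated. The read at an offset derived from font data therefore happens first, and `v.sanitize (&c->sanitizer)` then inspects a stack copy rather than the font data. The two KerxSubTableFormat6 hunks bind a reference (`const FWORD32 &v`, `const FWORD &v`) and do not have this problem. Keep a pointer or reference into the table until the check passes: `const FWORD *v = &StructAtOffset (&(this+array), offset);`, then `if (unlikely (!v->sanitize (&c->sanitizer))) return 0;` and `return *v;`. get_kerning starts above the hunk.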
@@ -481,11 +479,9 @@ struct KerxSubTableFormat6
   unsigned int offset = l + r;
   if (unlikely (offset < l)) return 0; /* Addition overflow. */
   if (unlikely (hb_unsigned_mul_overflows (offset, sizeof (FWORD32 
return 0;
-  const FWORD32 *v = &StructAtOffset (&(this+t.array), offset * 
sizeof (FWORD32));
-  if (unlikely ((const char *) v < (const char *) &t.array ||
-   (const char *) v - (const char *) this > header.length - 
v->static_size))
-   return 0;
-  return *v;
+  const FWORD32 &v = StructAtOffset (&(this+t.array), offset * 
sizeof (FWORD32));
+  if (unlikely (!v.sanitize (&c->sanitizer))) return 0;
+  return v;
 }
 else
 {
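Review bot: The removed check bounded the value by this subtable's `header.length`, while `v.sanitize (&c->sanitizer)` bounds it by whatever range the sanitizer currently holds. If that range is the whole kerx table rather than the current subtable, an offset derived from font data can resolve to bytes of a neighbouring subtable and be returned as a kerning value. That stays inside the blob, so it is not a memory-safety problem, but it is a looser guarantee than before and it applies to all three hunks of this commit. Either narrow the sanitizer range to the subtable before lookups or record the intent next to the check, e.g. `/* Bounds are those of c->sanitizer, not header.length. */`.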
@@ -493,11 +489,9 @@ struct KerxSubTableFormat6
   unsigned int l = (this+t.rowIndexTable).get_value_or_null (left, 
num_glyphs);
   unsigned int r = (this+t.columnIndexTable).get_value_or_null (right, 
num_glyphs);
   unsigned int offset = l + r;
-  const FWORD *v = &StructAtOffset (&(this+t.array), offset * 
sizeof (FWORD));
-  if (unlikely ((const char *) v < (const char *) &t.array ||
-   (const char *) v - (const char *) this > header.length - 
v->static_size))
-   return 0;
-  return *v;
+  const FWORD &v = StructAtOffset (&(this+t.array), offset * sizeof 
(FWORD));
+  if (unlikely (!v.sanitize (&c->sanitizer))) return 0;
+  return v;
 }
   }
 
commit 5733113662e668a25187e0042935d955e44fb488
Author: Behdad Esfahbod 
Date:   Sat Oct 13 12:16:12 2018 -0400

[kerx] Wire up context down to get_kerning

diff --git a/src/hb-aat-layout-kerx-table.hh b/src/hb-aat-layout-kerx-table.hh
index d59d6374..2004e579 100644
--- a/src/hb-aat-layout-kerx-table.hh
+++ b/src/hb-aat-layout-kerx-table.hh
@@ -226,8 +226,9 @@ struct KerxSubTableFormat1
 struct KerxSubTableFormat2
 {
   inline int get_kerning (hb_codepoint_t left, hb_codepoint_t right,
- unsigned int num_glyphs) const
+ hb_aat_apply_context_t *c) const
   {
+unsigned int num_glyphs = c->sanitizer.get_num_glyphs ();
 unsigned int l = (this+leftClassTable).get_value_or_null (left, 
num_glyphs);
 unsigned int r = (this+rightClassTable).get_value_or_null (right, 
num_glyphs);
 unsigned int offset = l + r;
@@ -245,8 +246,7 @@ struct KerxSubTableFormat2
 if (!c->plan->requested_kerning)
   return false;
 
-accelerator_t accel (*this,
-c->sanitizer.get_num_glyphs ());
+accelerator_t accel (*this, c);
 hb_kern_machine_t machine (accel);
 machine.kern (c->font, c->buffer, c->plan->kern_mask);
 
@@ -264,16 +264,14 @@ struct KerxSubTableFormat2
   struct accelerator_t
   {
 const KerxSubTableFormat2 &table;
-unsigned int num_glyphs;
+hb_aat_apply_context_t *c;
 
 inline accelerator_t (const KerxSubTableFormat2 &table_,
- unsigned int num_glyphs_)
- : table (table_), num_glyphs (num_glyphs_) {}
+ hb_aat_apply_context_t *c_) :
+   table (table_), c (c_) {}
 
 inline int get_kerning (hb_codepoint_t left, hb_codepoint_t right) const
-{
-  return table.get_kerning (left, right, num_glyphs);
-}
+{ return table.get_kerning (left, right, c); }
   };
 
   protected:
@@ -472,8 +470,9 @@ struct KerxSubTableFormat6
   inline bool is_long (void) const { return flags & ValuesAreLong; }
 
   inline int get_kerning (hb_codepoint_t left, hb_codepoint_t right,
- unsigned int num_glyphs) const
+ hb_aat_apply_context_t *c) const
   {
+unsigned int num_glyphs = c->sanitizer.get_num_glyphs ();
 if (is_long ())
 {
   const U::Long &t =

[HarfBuzz] harfbuzz: Branch 'master' - 4 commits

2018-10-13 Thread Behdad Esfahbod
 src/hb-aat-layout-kerx-table.hh   |   16 ++--
 src/hb-buffer-serialize.cc|4 -
 src/hb-ot-cmap-table.hh   |4 -
 src/hb-ot-layout-common.hh|4 -
 src/hb-ot-layout-gsubgpos.hh  |8 +-
 src/hb-ot-layout.cc   |  127 +-
 src/hb-ot-layout.h|   25 +++
 src/hb-ot-math-table.hh   |8 +-
 src/hb-ot-name.h  |1 
 src/hb-ot-shape-complex-hangul.cc |   16 ++--
 src/hb-ot-shape-complex.hh|   18 ++---
 11 files changed, 111 insertions(+), 120 deletions(-)

New commits:
commit c4502833b711a76cce1af0c5bf075692b965c991
Author: Behdad Esfahbod 
Date:   Sat Oct 13 11:48:49 2018 -0400

[kerx] Use sanitizer.get_num_glyphs() instead of face->get_num_glyphs()

diff --git a/src/hb-aat-layout-kerx-table.hh b/src/hb-aat-layout-kerx-table.hh
index ef6d02db..d59d6374 100644
--- a/src/hb-aat-layout-kerx-table.hh
+++ b/src/hb-aat-layout-kerx-table.hh
@@ -246,7 +246,7 @@ struct KerxSubTableFormat2
   return false;
 
 accelerator_t accel (*this,
-c->face->get_num_glyphs ());
+c->sanitizer.get_num_glyphs ());
 hb_kern_machine_t machine (accel);
 machine.kern (c->font, c->buffer, c->plan->kern_mask);
 
@@ -383,11 +383,11 @@ struct KerxSubTableFormat4
unsigned int currAnchorPoint = *data++;
const Anchor markAnchor = c->ankr_table.get_anchor 
(c->buffer->info[mark].codepoint,
markAnchorPoint,
-   
c->face->get_num_glyphs (),
+   
c->sanitizer.get_num_glyphs (),
c->ankr_end);
const Anchor currAnchor = c->ankr_table.get_anchor (c->buffer->cur 
().codepoint,
currAnchorPoint,
-   
c->face->get_num_glyphs (),
+   
c->sanitizer.get_num_glyphs (),
c->ankr_end);
 
o.x_offset = c->font->em_scale_x (markAnchor.xCoordinate) - 
c->font->em_scale_x (currAnchor.xCoordinate);
@@ -510,7 +510,7 @@ struct KerxSubTableFormat6
   return false;
 
 accelerator_t accel (*this,
-c->face->get_num_glyphs ());
+c->sanitizer.get_num_glyphs ());
 hb_kern_machine_t machine (accel);
 machine.kern (c->font, c->buffer, c->plan->kern_mask);
 
commit fc45e698f2d8a6d577f33b1e69a83714aceae528
Author: Behdad Esfahbod 
Date:   Sat Oct 13 11:39:12 2018 -0400

[kerx] Protext against overflows

diff --git a/src/hb-aat-layout-kerx-table.hh b/src/hb-aat-layout-kerx-table.hh
index cd112912..ef6d02db 100644
--- a/src/hb-aat-layout-kerx-table.hh
+++ b/src/hb-aat-layout-kerx-table.hh
@@ -233,7 +233,7 @@ struct KerxSubTableFormat2
 unsigned int offset = l + r;
 const FWORD *v = &StructAtOffset (&(this+array), offset);
 if (unlikely ((const char *) v < (const char *) &array ||
- (const char *) v + v->static_size - (const char *) this > 
header.length))
+ (const char *) v - (const char *) this > header.length - 
v->static_size))
   return 0;
 return *v;
   }
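Review bot: In the rewritten bound `(const char *) v - (const char *) this > header.length - v->static_size`, the right-hand side appears to be an unsigned subtraction. It wraps if `header.length` is smaller than `v->static_size`, which turns the upper bound into a very large value and lets the check pass. Unless sanitize() already guarantees a minimum subtable length (not visible here), guard it first, e.g. `header.length < v->static_size ||` ahead of the comparison. The same expression is used in both KerxSubTableFormat6 hunks below. get_kerning starts above this hunk.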
@@ -480,9 +480,11 @@ struct KerxSubTableFormat6
   unsigned int l = (this+t.rowIndexTable).get_value_or_null (left, 
num_glyphs);
   unsigned int r = (this+t.columnIndexTable).get_value_or_null (right, 
num_glyphs);
   unsigned int offset = l + r;
+  if (unlikely (offset < l)) return 0; /* Addition overflow. */
+  if (unlikely (hb_unsigned_mul_overflows (offset, sizeof (FWORD32 
return 0;
   const FWORD32 *v = &StructAtOffset (&(this+t.array), offset * 
sizeof (FWORD32));
   if (unlikely ((const char *) v < (const char *) &t.array ||
-   (const char *) v + v->static_size - (const char *) this > 
header.length))
+   (const char *) v - (const char *) this > header.length - 
v->static_size))
return 0;
   return *v;
 }
@@ -494,7 +496,7 @@ struct KerxSubTableFormat6
   unsigned int offset = l + r;
   const FWORD *v = &StructAtOffset (&(this+t.array), offset * 
sizeof (FWORD));
   if (unlikely ((const char *) v < (const char *) &t.array ||
-   (const char *) v + v->static_size - (const char *) this > 
header.length))
+   (const char *) v - (const char *) this > header.length - 
v->static_size))
return 0;
   return *v;
 }
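Review bot: The overflow guards added in this commit cover only the long-value branch. In this short-value branch `unsigned int offset = l + r;` and `offset * sizeof (FWORD)` are still unchecked, as is `l + r` in the KerxSubTableFormat2 hunk. If the index-table values are 16-bit the arithmetic cannot wrap, but that is not visible in the hunk. Either add the same `if (unlikely (offset < l)) return 0;` guard or a comment stating why it is unnecessary, e.g. `/* l and r are 16-bit; no overflow possible. */`.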
commit ed2ee78136c40de8e7b915dfdfd3ca92880912c3
Author: Behdad Esfahbod 
Date:   Sat Oct 13 09:47:51 2018 -0400

[hangul] Fix use-after-free issue

out_info might have moved since we copied its position into local