AuroraMiddleware/harfbuzz
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

[morx] Fix bailing out ligation at end-of-text

Browse Source 
Check was after a move_to, which wouldn't work.

Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=11147
This commit is contained in:
Behdad Esfahbod 2018-10-26 21:59:20 -07:00
parent 30eab97a00
commit 00ae4be6bf
1 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
src/hb-aat-layout-morx-table.hh
View File

@ -399,6 +399,9 @@ struct LigatureSubtable
if (unlikely (!match_length)) if (unlikely (!match_length))
return true; return true;
if (buffer->idx >= buffer->len)
return false; // TODO Work on previous instead?
unsigned int cursor = match_length; unsigned int cursor = match_length;
do do
{ {
@ -421,8 +424,6 @@ struct LigatureSubtable
if (uoffset & 0x20000000) if (uoffset & 0x20000000)
uoffset |= 0xC0000000; /* Sign-extend. */ uoffset |= 0xC0000000; /* Sign-extend. */
int32_t offset = (int32_t) uoffset; int32_t offset = (int32_t) uoffset;
if (buffer->idx >= buffer->len)
return false; // TODO Work on previous instead?
unsigned int component_idx = buffer->cur().codepoint + offset; unsigned int component_idx = buffer->cur().codepoint + offset;
const HBUINT16 &componentData = component[component_idx]; const HBUINT16 &componentData = component[component_idx];