AuroraMiddleware/harfbuzz
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Protect against div-by-zero in CBDT extent code

Browse Source 
Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1452#c5

CC https://github.com/behdad/harfbuzz/issues/139
This commit is contained in:
Behdad Esfahbod 2017-08-09 17:09:21 -07:00
parent 3b54d0337e
commit 68af14d5cc
3 changed files with 7 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/hb-ft.cc
View File

@ -493,7 +493,7 @@ reference_table (hb_face_t *face HB_UNUSED, hb_tag_t tag, void *user_data)
return NULL; return NULL;
buffer = (FT_Byte *) malloc (length); buffer = (FT_Byte *) malloc (length);
if (buffer == NULL) if (!buffer)
return NULL; return NULL;
error = FT_Load_Sfnt_Table (ft_face, tag, 0, buffer, &length); error = FT_Load_Sfnt_Table (ft_face, tag, 0, buffer, &length);
@ -521,7 +521,7 @@ hb_ft_face_create (FT_Face ft_face,
{ {
hb_face_t *face; hb_face_t *face;
if (ft_face->stream->read == NULL) { if (!ft_face->stream->read) {
hb_blob_t *blob; hb_blob_t *blob;
blob = hb_blob_create ((const char *) ft_face->stream->base, blob = hb_blob_create ((const char *) ft_face->stream->base,

6
src/hb-ot-font.cc
View File

@ -224,7 +224,7 @@ struct hb_ot_face_cbdt_accelerator_t
const OT::CBDT *cbdt; const OT::CBDT *cbdt;
unsigned int cbdt_len; unsigned int cbdt_len;
float upem; unsigned int upem;
inline void init (hb_face_t *face) inline void init (hb_face_t *face)
{ {
@ -254,11 +254,11 @@ struct hb_ot_face_cbdt_accelerator_t
{ {
unsigned int x_ppem = upem, y_ppem = upem; /* TODO Use font ppem if available. */ unsigned int x_ppem = upem, y_ppem = upem; /* TODO Use font ppem if available. */
if (cblc == NULL) if (!cblc)
return false; // Not a color bitmap font. return false; // Not a color bitmap font.
const OT::IndexSubtableRecord *subtable_record = this->cblc->find_table(glyph, &x_ppem, &y_ppem); const OT::IndexSubtableRecord *subtable_record = this->cblc->find_table(glyph, &x_ppem, &y_ppem);
if (subtable_record == NULL) if (!subtable_record || !x_ppem || !y_ppem)
return false; return false;
if (subtable_record->get_extents (extents)) if (subtable_record->get_extents (extents))

4
src/hb-shape-plan.cc
View File

@ -160,7 +160,7 @@ hb_shape_plan_create2 (hb_face_t *face,
assert (props->direction != HB_DIRECTION_INVALID); assert (props->direction != HB_DIRECTION_INVALID);
hb_face_make_immutable (face); hb_face_make_immutable (face);
shape_plan->default_shaper_list = shaper_list == NULL; shape_plan->default_shaper_list = !shaper_list;
shape_plan->face_unsafe = face; shape_plan->face_unsafe = face;
shape_plan->props = *props; shape_plan->props = *props;
shape_plan->num_user_features = num_user_features; shape_plan->num_user_features = num_user_features;
@ -423,7 +423,7 @@ hb_shape_plan_matches (const hb_shape_plan_t *shape_plan,
return hb_segment_properties_equal (&shape_plan->props, &proposal->props) && return hb_segment_properties_equal (&shape_plan->props, &proposal->props) &&
hb_shape_plan_user_features_match (shape_plan, proposal) && hb_shape_plan_user_features_match (shape_plan, proposal) &&
hb_shape_plan_coords_match (shape_plan, proposal) && hb_shape_plan_coords_match (shape_plan, proposal) &&
((shape_plan->default_shaper_list && proposal->shaper_list == NULL) || ((shape_plan->default_shaper_list && !proposal->shaper_list) ||
(shape_plan->shaper_func == proposal->shaper_func)); (shape_plan->shaper_func == proposal->shaper_func));
} }