From 1767f99e2e2196c3fcae27db6d8b60098d3f6d26 Mon Sep 17 00:00:00 2001
From: Behdad Esfahbod
Date: Sun, 10 Nov 2024 22:43:28 -0700
Subject: [PATCH] [cairo] Guard hb_cairo_glyphs_from_buffer() against bad UTF-8

Previously it was assuming valid UTF-8.
---
 src/hb-cairo.cc | 2 ++
 src/hb-utf.hh | 6 ++++--
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/src/hb-cairo.cc b/src/hb-cairo.cc
index d8b582c49..4d22ae059 100644
--- a/src/hb-cairo.cc
+++ b/src/hb-cairo.cc
@@ -1000,6 +1000,7 @@ hb_cairo_glyphs_from_buffer (hb_buffer_t *buffer,
 end = start + hb_glyph[i].cluster - hb_glyph[i+1].cluster;
 else
 end = (const char *) hb_utf_offset_to_pointer ((const uint8_t *) start,
+ (const uint8_t *) utf8, utf8_len,
 (signed) (hb_glyph[i].cluster - hb_glyph[i+1].cluster));
 (*clusters)[cluster].num_bytes = end - start;
 start = end;
@@ -1020,6 +1021,7 @@ hb_cairo_glyphs_from_buffer (hb_buffer_t *buffer,
 end = start + hb_glyph[i].cluster - hb_glyph[i-1].cluster;
 else
 end = (const char *) hb_utf_offset_to_pointer ((const uint8_t *) start,
+ (const uint8_t *) utf8, utf8_len,
 (signed) (hb_glyph[i].cluster - hb_glyph[i-1].cluster));
 (*clusters)[cluster].num_bytes = end - start;
 start = end;
diff --git a/src/hb-utf.hh b/src/hb-utf.hh
index 1120bd1cc..6db9bf2fd 100644
--- a/src/hb-utf.hh
+++ b/src/hb-utf.hh
@@ -458,19 +458,21 @@ struct hb_ascii_t
 template
 static inline const typename utf_t::codepoint_t *
 hb_utf_offset_to_pointer (const typename utf_t::codepoint_t *start,
+ const typename utf_t::codepoint_t *text,
+ unsigned text_len,
 signed offset)
 {
 hb_codepoint_t unicode;
 while (offset-- > 0)
 start = utf_t::next (start,
- start + utf_t::max_len,
+ text + text_len,
 &unicode,
 HB_BUFFER_REPLACEMENT_CODEPOINT_DEFAULT);
 while (offset++ < 0)
 start = utf_t::prev (start,
- start - utf_t::max_len,
+ text,
 &unicode,
 HB_BUFFER_REPLACEMENT_CODEPOINT_DEFAULT);
-- 
2.47.1
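Review bot: The byte-offset branch kept as context in this hunk, `end = start + hb_glyph[i].cluster - hb_glyph[i+1].cluster;`, is still computed with no bound, so only the `else` path gains the new `utf8`/`utf8_len` limit. The same holds for the `hb_glyph[i-1]` variant in the second hb-cairo.cc hunk. If cluster values can disagree with the text the caller passed, `end` and the resulting `num_bytes` can fall outside the buffer on that path. A clamp after the branch, for example `if (end > utf8 + utf8_len) end = utf8 + utf8_len;`, would cover both paths. `utf8_len` is also converted to the new `unsigned text_len` parameter here, so it must be non-negative by this point; its declaration and any normalization lie outside the hunk, as do the start and end of the enclosing function.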
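Review bot: Neither loop in `hb_utf_offset_to_pointer` compares `start` with the new bound before calling `utf_t::next` / `utf_t::prev`, so an `offset` larger than the number of code points left relies entirely on those helpers coping with an empty range. Their bodies are not in this hunk; if either reads a code unit before checking its end pointer, the walk would continue past `text + text_len` or before `text`. Stopping at the boundary makes the clamp explicit: `while (offset-- > 0 && start < text + text_len)` and `while (offset++ < 0 && start > text)`. A short comment above the template should state that `start` must lie within `[text, text + text_len]` and that the result never leaves that range. The function body continues past the end of the hunk.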