forked from pool/harfbuzz
Bjørn Lie
7a420960eb
- Add harfbuzz-CVE-2023-25193.patch: limit how far we skip when looking back (boo#1207922 CVE-2023-25193). OBS-URL: https://build.opensuse.org/request/show/1063480 OBS-URL: https://build.opensuse.org/package/show/GNOME:Factory/harfbuzz?expand=0&rev=227
32 lines
1.0 KiB
Diff
32 lines
1.0 KiB
Diff
From 85be877925ddbf34f74a1229f3ca1716bb6170dc Mon Sep 17 00:00:00 2001
|
|
From: Behdad Esfahbod <behdad@behdad.org>
|
|
Date: Wed, 1 Feb 2023 20:00:43 -0700
|
|
Subject: [PATCH] [layout] Limit how far we skip when looking back
|
|
|
|
See comments.
|
|
---
|
|
src/hb-ot-layout-gsubgpos.hh | 7 +++++++
|
|
1 file changed, 7 insertions(+)
|
|
|
|
diff --git a/src/hb-ot-layout-gsubgpos.hh b/src/hb-ot-layout-gsubgpos.hh
|
|
index bf74672a1..8ca691805 100644
|
|
--- a/src/hb-ot-layout-gsubgpos.hh
|
|
+++ b/src/hb-ot-layout-gsubgpos.hh
|
|
@@ -578,6 +578,13 @@ struct hb_ot_apply_context_t :
|
|
unsigned stop = num_items - 1;
|
|
if (c->buffer->flags & HB_BUFFER_FLAG_PRODUCE_UNSAFE_TO_CONCAT)
|
|
stop = 1 - 1;
|
|
+
|
|
+ /* When looking back, limit how far we search; this function is mostly
|
|
+ * used for looking back for base glyphs when attaching marks. If we
|
|
+ * don't limit, we can get O(n^2) behavior where n is the number of
|
|
+ * consecutive marks. */
|
|
+ stop = (unsigned) hb_max ((int) stop, (int) idx - HB_MAX_CONTEXT_LENGTH);
|
|
+
|
|
while (idx > stop)
|
|
{
|
|
idx--;
|
|
--
|
|
2.39.0
|
|
|