[pango] [HB] Fix invalid access / overflow on x86-64



commit ebdcfbeb5aeb3e827326844f2f942570e503e26a
Author: Behdad Esfahbod <behdad behdad org>
Date:   Wed Aug 12 15:40:04 2009 -0400

    [HB] Fix invalid access / overflow on x86-64
    
    Bug 591557 – [HB] crash scrolling the evolution message list
    Bug 591576 – crashed with SIGSEGV at pango

 pango/opentype/hb-ot-layout-gpos-private.hh |   21 ++++++++++++---------
 pango/opentype/hb-ot-layout-gsub-private.hh |    2 --
 2 files changed, 12 insertions(+), 11 deletions(-)
---
diff --git a/pango/opentype/hb-ot-layout-gpos-private.hh b/pango/opentype/hb-ot-layout-gpos-private.hh
index 307f269..c7ac4f0 100644
--- a/pango/opentype/hb-ot-layout-gpos-private.hh
+++ b/pango/opentype/hb-ot-layout-gpos-private.hh
@@ -913,13 +913,14 @@ struct MarkBasePosFormat1
 
     /* now we search backwards for a non-mark glyph */
     unsigned int count = buffer->in_pos;
-    unsigned int i = 1, j = count - 1;
-    while (_hb_ot_layout_skip_mark (context->face, IN_INFO (j), LookupFlag::IgnoreMarks, &property))
+    unsigned int i = 0, j = count;
+    do
     {
       if (HB_UNLIKELY (i == count))
 	return false;
       i++, j--;
-    }
+    } while (_hb_ot_layout_skip_mark (context->face, IN_INFO (j), LookupFlag::IgnoreMarks, &property))
+
 #if 0
     /* The following assertion is too strong. */
     if (!(property & HB_OT_LAYOUT_GLYPH_CLASS_BASE_GLYPH))
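Review bot: The `do … while` added in MarkBasePosFormat1 is missing its terminating semicolon: the line `} while (_hb_ot_layout_skip_mark (context->face, IN_INFO (j), LookupFlag::IgnoreMarks, &property))` is followed directly by a blank line and `#if 0`, while the same loop in MarkLigPosFormat1 and MarkMarkPosFormat1 ends in `;`. As it appears on this page the header would fail to compile, so the bounds fix cannot be built or tested until `;` is appended to that line. The enclosing function starts and ends outside the hunk.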
@@ -1046,13 +1047,14 @@ struct MarkLigPosFormat1
 
     /* now we search backwards for a non-mark glyph */
     unsigned int count = buffer->in_pos;
-    unsigned int i = 1, j = count - 1;
-    while (_hb_ot_layout_skip_mark (context->face, IN_INFO (j), LookupFlag::IgnoreMarks, &property))
+    unsigned int i = 0, j = count;
+    do
     {
       if (HB_UNLIKELY (i == count))
 	return false;
       i++, j--;
-    }
+    } while (_hb_ot_layout_skip_mark (context->face, IN_INFO (j), LookupFlag::IgnoreMarks, &property));
+
 #if 0
     /* The following assertion is too strong. */
     if (!(property & HB_OT_LAYOUT_GLYPH_CLASS_LIGATURE))
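Review bot: Nothing in the new code says why `i == count` is tested before `j--` and before the first `IN_INFO (j)` read, here or in the identical loops in MarkBasePosFormat1 and MarkMarkPosFormat1. With the old `j = count - 1`, a `buffer->in_pos` of 0 wrapped the unsigned `j` before the first read, presumably the invalid access named in the commit title; the new ordering is what prevents that, and a later tidy-up could easily undo it. I would add a comment above the `do`, e.g. `/* test i == count before j-- so j cannot wrap when in_pos is 0 */`. Since the loop now appears three times, a small shared helper would keep the guard in one place. The function body continues outside the hunk.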
@@ -1203,13 +1205,14 @@ struct MarkMarkPosFormat1
 
     /* now we search backwards for a suitable mark glyph until a non-mark glyph */
     unsigned int count = buffer->in_pos;
-    unsigned int i = 1, j = count - 1;
-    while (_hb_ot_layout_skip_mark (context->face, IN_INFO (j), lookup_flag, &property))
+    unsigned int i = 0, j = count;
+    do
     {
       if (HB_UNLIKELY (i == count))
 	return false;
       i++, j--;
-    }
+    } while (_hb_ot_layout_skip_mark (context->face, IN_INFO (j), lookup_flag, &property));
+
     if (!(property & HB_OT_LAYOUT_GLYPH_CLASS_MARK))
       return false;
 
diff --git a/pango/opentype/hb-ot-layout-gsub-private.hh b/pango/opentype/hb-ot-layout-gsub-private.hh
index 50b6286..af27829 100644
--- a/pango/opentype/hb-ot-layout-gsub-private.hh
+++ b/pango/opentype/hb-ot-layout-gsub-private.hh
@@ -798,11 +798,9 @@ struct SubstLookup : Lookup
 	}
 	if (ret)
 	  _hb_buffer_swap (buffer);
-
     }
     else
     {
-
 	/* in-place backward substitution */
 	buffer->in_pos = buffer->in_length - 1;
 	do


