shithub: freetype+ttf2subf

ref: 23367ff97f33ef6a2b7e1fced1157c87a46d9596
parent: 0318168ea807b044711389203a2fb8f27ebf238b
author: Werner Lemberg <[email protected]>
date: Mon Mar 17 03:33:14 EDT 2014

Fix Savannah bug #41869.

This works around a problem with HarfBuzz (<= 0.9.26), which doesn't
validate glyph indices returned by
`hb_ot_layout_lookup_collect_glyphs'.

* src/autofit/hbshim.c (af_get_coverage): Guard `idx'.

* docs/CHANGES: Updated.

--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,15 @@
+2014-03-17  Werner Lemberg  <[email protected]>
+
+	Fix Savannah bug #41869.
+
+	This works around a problem with HarfBuzz (<= 0.9.26), which doesn't
+	validate glyph indices returned by
+	`hb_ot_layout_lookup_collect_glyphs'.
+
+	* src/autofit/hbshim.c (af_get_coverage): Guard `idx'.
+
+	* docs/CHANGES: Updated.
+
 2014-03-14  Werner Lemberg  <[email protected]>
 
 	* builds/unix/configure.raw: Don't show error messages of `which'.
--- a/docs/CHANGES
+++ b/docs/CHANGES
@@ -1,11 +1,20 @@
+CHANGES BETWEEN 2.5.3 and 2.5.4
 
+  I. IMPORTANT BUG FIXES
+
+    - The new auto-hinter code using HarfBuzz crashed for some invalid
+      fonts.
+
+
+======================================================================
+
 CHANGES BETWEEN 2.5.2 and 2.5.3
 
   I. IMPORTANT BUG FIXES
 
-    - A vulnerability was  identified and fixed in the  new CFF driver
-      (cf. http://savannah.nongnu.org/bugs/?41697;  it doesn't  have a
-      CVE number yet).  All users should upgrade.
+    - A vulnerability (CVE-2014-2240) was  identified and fixed in the
+      new  CFF  driver  (cf.  http://savannah.nongnu.org/bugs/?41697).
+      All users should upgrade.
 
     - More  bug  fixes related  to  correct  positioning of  composite
       glyphs.
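Review bot: The rewrite of the 2.5.3 entry to add CVE-2014-2240 is unrelated to Savannah bug #41869, and the ChangeLog only records it as "docs/CHANGES: Updated", so the CVE assignment is invisible in the commit history. Either split it into its own commit or name it in the ChangeLog entry. For the new 2.5.4 item, "crashed for some invalid fonts" would be easier to track if it cited the bug the way the 2.5.3 entry does (a "cf." reference to Savannah bug #41869) and noted that the cause is an unvalidated glyph index coming back from HarfBuzz <= 0.9.26.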
--- a/src/autofit/hbshim.c
+++ b/src/autofit/hbshim.c
@@ -347,6 +347,11 @@
       count++;
 #endif
 
+      /* HarfBuzz 0.9.26 and older doesn't validate glyph indices */
+      /* returned by `hb_ot_layout_lookup_collect_glyphs'...      */
+      if ( idx >= (hb_codepoint_t)globals->glyph_count )
+        continue;
+
       if ( gstyles[idx] == AF_STYLE_UNASSIGNED )
         gstyles[idx] = (FT_Byte)style_class->style;
 #ifdef FT_DEBUG_LEVEL_TRACE
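Review bot: The new guard sits after the `count++` in the conditional block that closes at `#endif`, so in trace builds out-of-range indices are still counted even though `continue` then skips them, and the count no longer matches the number of glyphs actually assigned a style. Moving the `idx >= (hb_codepoint_t)globals->glyph_count` check above that block keeps the debug output consistent with what the loop does. The comment also trails off with "..."; it should say what the check prevents, namely indexing `gstyles[idx]` with an index at or beyond `globals->glyph_count`, so a later reader does not drop the guard as redundant once the HarfBuzz minimum version is raised.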