File CVE-2023-25193.patch of Package harfbuzz

Overview Repositories Revisions Requests Users Attributes Meta

File CVE-2023-25193.patch of Package harfbuzz

From 85be877925ddbf34f74a1229f3ca1716bb6170dc Mon Sep 17 00:00:00 2001
From: Behdad Esfahbod <behdad@behdad.org>
Date: Wed, 1 Feb 2023 20:00:43 -0700
Subject: [PATCH] [layout] Limit how far we skip when looking back

See comments.
---
diff -urp harfbuzz-2.6.4.orig/src/hb-ot-layout-gsubgpos.hh harfbuzz-2.6.4/src/hb-ot-layout-gsubgpos.hh
--- harfbuzz-2.6.4.orig/src/hb-ot-layout-gsubgpos.hh	2019-10-28 13:56:11.000000000 -0500
+++ harfbuzz-2.6.4/src/hb-ot-layout-gsubgpos.hh	2023-04-05 12:20:07.952727095 -0500
@@ -399,7 +399,15 @@ struct hb_ot_apply_context_t :
     bool prev ()
     {
       assert (num_items > 0);
-      while (idx > num_items - 1)
+      unsigned stop = num_items - 1;
+
+      /* When looking back, limit how far we search; this function is mostly
+       * used for looking back for base glyphs when attaching marks. If we
+       * don't limit, we can get O(n^2) behavior where n is the number of
+       * consecutive marks. */
+      stop = (unsigned) ((int) stop >= (int) idx - HB_MAX_CONTEXT_LENGTH ? stop : (int) idx - HB_MAX_CONTEXT_LENGTH);
+
+      while (idx > stop)
       {
 	idx--;
 	const hb_glyph_info_t &info = c->buffer->out_info[idx];

Places

File CVE-2023-25193.patch of Package harfbuzz

Places