packages/harfbuzz
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix CVE-2023-25193

Browse Source
This commit is contained in:
zhouwenpei 2023-02-15 06:23:31 +00:00
parent d068b04092
commit bb477ce1db
2 changed files with 43 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

38
backport-CVE-2023-25193.patch Normal file
View File

@ -0,0 +1,38 @@
From 85be877925ddbf34f74a1229f3ca1716bb6170dc Mon Sep 17 00:00:00 2001
From: Behdad Esfahbod <behdad@behdad.org>
Date: Wed, 1 Feb 2023 20:00:43 -0700
Subject: [PATCH] [layout] Limit how far we skip when looking back
See comments.
---
src/hb-ot-layout-gsubgpos.hh | 14 +++++++++++++-
1 file changed, 13 insertions(+), 1 deletion(-)
diff --git a/src/hb-ot-layout-gsubgpos.hh b/src/hb-ot-layout-gsubgpos.hh
index c9750ff..b83f49e 100644
--- a/src/hb-ot-layout-gsubgpos.hh
+++ b/src/hb-ot-layout-gsubgpos.hh
@@ -560,7 +560,19 @@ struct hb_ot_apply_context_t :
bool prev (unsigned *unsafe_from = nullptr)
{
assert (num_items > 0);
- while (idx > num_items - 1)
+ /* The alternate condition below is faster at string boundaries,
+ * but produces subpar "unsafe-to-concat" values. */
+ unsigned stop = num_items - 1;
+ if (c->buffer->flags & HB_BUFFER_FLAG_PRODUCE_UNSAFE_TO_CONCAT)
+ stop = 1 - 1;
+
+ /* When looking back, limit how far we search; this function is mostly
+ * used for looking back for base glyphs when attaching marks. If we
+ * don't limit, we can get O(n^2) behavior where n is the number of
+ * consecutive marks. */
+ stop = (unsigned) hb_max ((int) stop, (int) idx - HB_MAX_CONTEXT_LENGTH);
+
+ while (idx > stop)
{
idx--;
const hb_glyph_info_t &info = c->buffer->out_info[idx];
--
2.33.0

6
harfbuzz.spec
View File

@ -1,12 +1,13 @@
Name: harfbuzz Name: harfbuzz
Version: 4.3.0 Version: 4.3.0
Release: 2 Release: 3
Summary: A text shaping engine Summary: A text shaping engine
License: MIT License: MIT
URL: https://harfbuzz.github.io/ URL: https://harfbuzz.github.io/
Source0: https://github.com/harfbuzz/harfbuzz/releases/download/%{version}/harfbuzz-%{version}.tar.xz Source0: https://github.com/harfbuzz/harfbuzz/releases/download/%{version}/harfbuzz-%{version}.tar.xz
Patch0001: backport-CVE-2022-33068.patch Patch0001: backport-CVE-2022-33068.patch
Patch0002: backport-CVE-2023-25193.patch
BuildRequires: gcc-c++ freetype-devel cairo-devel glib2-devel graphite2-devel BuildRequires: gcc-c++ freetype-devel cairo-devel glib2-devel graphite2-devel
BuildRequires: gtk-doc libicu-devel gobject-introspection-devel make BuildRequires: gtk-doc libicu-devel gobject-introspection-devel make
@ -70,6 +71,9 @@ make check
%{_datadir}/gtk-doc/html/harfbuzz/* %{_datadir}/gtk-doc/html/harfbuzz/*
%changelog %changelog
* Wed Feb 15 2023 zhouwenpei <zhouwenpei1@h-partners.com> - 4.3.0-3
- fix CVE-2023-25193
* Thu Jul 14 2022 zhouwenpei <zhouwenpei1@h-partners.com> - 4.3.0-2 * Thu Jul 14 2022 zhouwenpei <zhouwenpei1@h-partners.com> - 4.3.0-2
- fix CVE-2022-33068 - fix CVE-2022-33068