fix CVE-2022-33068

backport-CVE-2022-33068.patch

@@ -0,0 +1,29 @@
+From 62e803b36173fd096d7ad460dd1d1db9be542593 Mon Sep 17 00:00:00 2001
+From: Behdad Esfahbod <behdad@behdad.org>
+Date: Wed, 1 Jun 2022 07:38:21 -0600
+Subject: [PATCH] [sbix] Limit glyph extents
+
+Fixes https://github.com/harfbuzz/harfbuzz/issues/3557
+---
+ src/hb-ot-color-sbix-table.hh       |   6 ++++++
+ test/fuzzing/fonts/sbix-extents.ttf | Bin 0 -> 582 bytes
+ 2 files changed, 6 insertions(+)
+ create mode 100644 test/fuzzing/fonts/sbix-extents.ttf
+
+diff --git a/src/hb-ot-color-sbix-table.hh b/src/hb-ot-color-sbix-table.hh
+index 9741ebd450..6efae43cda 100644
+--- a/src/hb-ot-color-sbix-table.hh
++++ b/src/hb-ot-color-sbix-table.hh
+@@ -298,6 +298,12 @@ struct sbix
+ 
+       const PNGHeader &png = *blob->as<PNGHeader>();
+ 
++      if (png.IHDR.height >= 65536 | png.IHDR.width >= 65536)
++      {
++	hb_blob_destroy (blob);
++	return false;
++      }
++
+       extents->x_bearing = x_offset;
+       extents->y_bearing = png.IHDR.height + y_offset;
+       extents->width     = png.IHDR.width;

harfbuzz.spec

@@ -1,11 +1,13 @@
 Name:           harfbuzz
 Version:        4.3.0
-Release:        1
+Release:        2
 Summary:        A text shaping engine
 License:        MIT
 URL:            https://harfbuzz.github.io/
 Source0:        https://github.com/harfbuzz/harfbuzz/releases/download/%{version}/harfbuzz-%{version}.tar.xz
 
+Patch0001:	backport-CVE-2022-33068.patch
+
 BuildRequires:  gcc-c++ freetype-devel cairo-devel glib2-devel graphite2-devel
 BuildRequires:  gtk-doc libicu-devel gobject-introspection-devel make
 Provides:       harfbuzz-icu
@@ -68,6 +70,9 @@ make check
 %{_datadir}/gtk-doc/html/harfbuzz/*
 
 %changelog
+* Thu Jul 14 2022 zhouwenpei <zhouwenpei1@h-partners.com> - 4.3.0-2
+- fix CVE-2022-33068
+
 * Mon Jun 20 2022 lin zhang <lin.zhang@turbolinux.com.cn> - 4.3.0-1
 - update to 4.3.0