Check for buffer overflow in Lookup_MarkMarkPos

That may cause crash in this function with certain fonts. Task-number: QTBUG-17238 Done-by: Alberto Garcia <agarcia@igalia.com> Reviewed-by: Jiang Jiang
author: Jiang Jiang <jiang.jiang@nokia.com> 2011-07-18 06:49:32 (GMT)
committer: Jiang Jiang <jiang.jiang@nokia.com> 2011-07-19 08:47:34 (GMT)
commit: 9ae6f2f9a57f0c3096d5785913e437953fa6775c (patch)
tree: 33e6bdc5907a0dc71e8caeb5ae1556f943837fce /src/3rdparty/harfbuzz
parent: 7ddf40aa71ca0adb7846bf8b0df2240a3870d894 (diff)
download: Qt-9ae6f2f9a57f0c3096d5785913e437953fa6775c.zip
Qt-9ae6f2f9a57f0c3096d5785913e437953fa6775c.tar.gz
Qt-9ae6f2f9a57f0c3096d5785913e437953fa6775c.tar.bz2
1 files changed, 3 insertions, 0 deletions
diff --git a/src/3rdparty/harfbuzz/src/harfbuzz-gpos.c b/src/3rdparty/harfbuzz/src/harfbuzz-gpos.c
index a216005..7bd3b3b 100644
--- a/src/3rdparty/harfbuzz/src/harfbuzz-gpos.c
+++ b/src/3rdparty/harfbuzz/src/harfbuzz-gpos.c
@@ -3012,6 +3012,9 @@ static HB_Error  Lookup_MarkMarkPos( GPOS_Instance*    gpi,
     j--;
   }
 
+  if ( i > buffer->in_pos )
+    return HB_Err_Not_Covered;
+
   error = _HB_OPEN_Coverage_Index( &mmp->Mark2Coverage, IN_GLYPH( j ),
 			  &mark2_index );
   if ( error )
author	Jiang Jiang <jiang.jiang@nokia.com>	2011-07-18 06:49:32 (GMT)
committer	Jiang Jiang <jiang.jiang@nokia.com>	2011-07-19 08:47:34 (GMT)
commit	9ae6f2f9a57f0c3096d5785913e437953fa6775c (patch)
tree	33e6bdc5907a0dc71e8caeb5ae1556f943837fce /src/3rdparty/harfbuzz
parent	7ddf40aa71ca0adb7846bf8b0df2240a3870d894 (diff)
download	Qt-9ae6f2f9a57f0c3096d5785913e437953fa6775c.zip Qt-9ae6f2f9a57f0c3096d5785913e437953fa6775c.tar.gz Qt-9ae6f2f9a57f0c3096d5785913e437953fa6775c.tar.bz2