From 9ae6f2f9a57f0c3096d5785913e437953fa6775c Mon Sep 17 00:00:00 2001
From: Jiang Jiang
Date: Mon, 18 Jul 2011 08:49:32 +0200
Subject: Check for buffer overflow in Lookup_MarkMarkPos

That may cause crash in this function with certain fonts.

Task-number: QTBUG-17238
Done-by: Alberto Garcia
Reviewed-by: Jiang Jiang
---
 src/3rdparty/harfbuzz/src/harfbuzz-gpos.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/3rdparty/harfbuzz/src/harfbuzz-gpos.c b/src/3rdparty/harfbuzz/src/harfbuzz-gpos.c
index a216005..7bd3b3b 100644
--- a/src/3rdparty/harfbuzz/src/harfbuzz-gpos.c
+++ b/src/3rdparty/harfbuzz/src/harfbuzz-gpos.c
@@ -3012,6 +3012,9 @@ static HB_Error Lookup_MarkMarkPos( GPOS_Instance* gpi,
 j--;
 }

+ if ( i > buffer->in_pos )
+ return HB_Err_Not_Covered;
+
 error = _HB_OPEN_Coverage_Index( &mmp->Mark2Coverage, IN_GLYPH( j ),
 &mark2_index );
 if ( error )
--
cgit v0.12
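Review bot: The new guard `if ( i > buffer->in_pos )` is written in terms of `i`, while the access it protects is `IN_GLYPH( j )` on the following statement, and nothing at this spot says how the two are related. The loop that ends with `j--; }` begins outside the hunk, so presumably `i` counts the glyphs walked backwards and exceeding `in_pos` means `j` has stepped past the start of the input buffer. A comment such as `/* scan ran out of glyphs: j is now before the start of the buffer, do not index with it */` would make that invariant explicit for the next maintainer. Because the glyph run comes from font and text input, this looks like an out-of-bounds read before the buffer rather than an overflow, and it would help to say so in the comment. If other lookups in this file use the same backward scan, it is worth confirming they carry an equivalent check.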