[arch-commits] Commit in harfbuzz/trunk (PKGBUILD crash.patch hmtx.patch)

Thu Oct 15 22:49:55 UTC 2015

Date: Friday, October 16, 2015 @ 00:49:54
  Author: heftig
Revision: 249426

fix FS46717

Added:
  harfbuzz/trunk/crash.patch
  harfbuzz/trunk/hmtx.patch
Modified:
  harfbuzz/trunk/PKGBUILD

-------------+
 PKGBUILD    |   13 ++++++++++---
 crash.patch |   13 +++++++++++++
 hmtx.patch  |   25 +++++++++++++++++++++++++
 3 files changed, 48 insertions(+), 3 deletions(-)

Modified: PKGBUILD
===================================================================

--- PKGBUILD	2015-10-15 22:22:44 UTC (rev 249425)
+++ PKGBUILD	2015-10-15 22:49:54 UTC (rev 249426)
@@ -4,18 +4,25 @@
 pkgbase=(harfbuzz)
 pkgname=(harfbuzz harfbuzz-icu)
 pkgver=1.0.5
-pkgrel=1
+pkgrel=2
 pkgdesc="OpenType text shaping engine"
 arch=(i686 x86_64)
 url="http://www.freedesktop.org/wiki/Software/HarfBuzz"
 license=(MIT)
 makedepends=(glib2 freetype2 graphite cairo icu gobject-introspection)
-source=(http://www.freedesktop.org/software/harfbuzz/release/${pkgbase}-${pkgver}.tar.bz2)
-sha256sums=('4d99d2c6a58ecb55538ccab522e68836383852f9f41f696d2b93cd8f85195440')
+source=(http://www.freedesktop.org/software/harfbuzz/release/${pkgbase}-${pkgver}.tar.bz2
+        hmtx.patch crash.patch)
+sha256sums=('4d99d2c6a58ecb55538ccab522e68836383852f9f41f696d2b93cd8f85195440'
+            '703249e3ecfcbf2d449e9cf1eacbfd5627cb8f8943af27637a612a36b05a1d10'
+            '0016e865744feaac97130aa54f755cbc6ebecd75d4d21bc823eb7454d1c16972')
 
 prepare() {
   mkdir path
   ln -s /usr/bin/python2 path/python
+
+  cd $pkgbase-$pkgver
+  patch -Np1 -i ../hmtx.patch
+  patch -Np1 -i ../crash.patch
 }
 
 build() {

Added: crash.patch
===================================================================
--- crash.patch	                        (rev 0)
+++ crash.patch	2015-10-15 22:49:54 UTC (rev 249426)
@@ -0,0 +1,13 @@
+diff --git i/src/hb-ft.cc w/src/hb-ft.cc
+index b695f81..2b11882 100644
+--- i/src/hb-ft.cc
++++ w/src/hb-ft.cc
+@@ -84,7 +84,7 @@ _hb_ft_font_create (FT_Face ft_face, bool unref)
+   ft_font->ft_face = ft_face;
+   ft_font->unref = unref;
+ 
+-  ft_font->load_flags = FT_LOAD_DEFAULT;
++  ft_font->load_flags = FT_LOAD_DEFAULT | FT_LOAD_NO_HINTING;
+ 
+   return ft_font;
+ }

Added: hmtx.patch
===================================================================
--- hmtx.patch	                        (rev 0)
+++ hmtx.patch	2015-10-15 22:49:54 UTC (rev 249426)
@@ -0,0 +1,25 @@
+From 63ef0b41dc48d6112d1918c1b1de9de8ea90adb5 Mon Sep 17 00:00:00 2001
+From: Behdad Esfahbod <behdad at behdad.org>
+Date: Thu, 15 Oct 2015 12:47:22 -0300
+Subject: [ot-font] Fix hmtx wrong table length check
+
+Discovered by libFuzzer.  Ouch!
+
+https://github.com/behdad/harfbuzz/issues/139#issuecomment-148289957
+
+diff --git a/src/hb-ot-font.cc b/src/hb-ot-font.cc
+index 3102784..69d2503 100644
+--- a/src/hb-ot-font.cc
++++ b/src/hb-ot-font.cc
+@@ -59,7 +59,7 @@ struct hb_ot_face_metrics_accelerator_t
+ 
+     this->blob = OT::Sanitizer<OT::_mtx>::sanitize (face->reference_table (_mtx_tag));
+     if (unlikely (!this->num_advances ||
+-		  2 * (this->num_advances + this->num_metrics) < hb_blob_get_length (this->blob)))
++		  2 * (this->num_advances + this->num_metrics) > hb_blob_get_length (this->blob)))
+     {
+       this->num_metrics = this->num_advances = 0;
+       hb_blob_destroy (this->blob);
+-- 
+cgit v0.10.2
+

