Sophie

Sophie

distrib > Mageia > 5 > x86_64 > media > core-updates-src > by-pkgid > 2d18cae527e3e319804e772ae6bd018a > files > 2

harfbuzz-0.9.36-1.1.mga5.src.rpm

From 63ef0b41dc48d6112d1918c1b1de9de8ea90adb5 Mon Sep 17 00:00:00 2001
From: Behdad Esfahbod <behdad@behdad.org>
Date: Thu, 15 Oct 2015 12:47:22 -0300
Subject: [PATCH] [ot-font] Fix hmtx wrong table length check

Discovered by libFuzzer.  Ouch!

https://github.com/behdad/harfbuzz/issues/139#issuecomment-148289957
---
 src/hb-ot-font.cc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/hb-ot-font.cc b/src/hb-ot-font.cc
index 3102784..69d2503 100644
--- a/src/hb-ot-font.cc
+++ b/src/hb-ot-font.cc
@@ -57,7 +57,7 @@ struct hb_ot_face_metrics_accelerator_t
 
     this->blob = OT::Sanitizer<OT::_mtx>::sanitize (face->reference_table (_mtx_tag));
     if (unlikely (!this->num_advances ||
-		  2 * (this->num_advances + this->num_metrics) < hb_blob_get_length (this->blob)))
+		  2 * (this->num_advances + this->num_metrics) > hb_blob_get_length (this->blob)))
     {
       this->num_metrics = this->num_advances = 0;
       hb_blob_destroy (this->blob);

Perl :: Catalyst :: PostgreSQL :: RPM Valid HTML 4.01 Transitional