diff mbox series

[dunfell] harfbuzz: Resolve backported commit bug.

Message ID 20230726064533.1263164-1-dnagodra@cisco.com
State Accepted, archived
Headers show
Series [dunfell] harfbuzz: Resolve backported commit bug. | expand

Commit Message

Dhairya Nagodra -X (dnagodra - E-INFO CHIPS INC at Cisco) July 26, 2023, 6:45 a.m. UTC 
The commit [https://github.com/openembedded/openembedded-core/commit/c22bbe9b45e3]
backports fix for CVE-2023-25193 for version 2.6.4.
The apply() in src/hb-ot-layout-gpos-table.hh ends prematurely.
The if block in apply() has an extra return statement,
which causes it to return w/o executing
buffer->unsafe_to_concat_from_outbuffer() function.

Signed-off-by: Dhairya Nagodra <dnagodra@cisco.com>
---
 .../harfbuzz/harfbuzz/CVE-2023-25193.patch       | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)
diff mbox series

Patch

diff --git a/meta/recipes-graphics/harfbuzz/harfbuzz/CVE-2023-25193.patch b/meta/recipes-graphics/harfbuzz/harfbuzz/CVE-2023-25193.patch
index 8243117551..e4ac13dbad 100644
--- a/meta/recipes-graphics/harfbuzz/harfbuzz/CVE-2023-25193.patch
+++ b/meta/recipes-graphics/harfbuzz/harfbuzz/CVE-2023-25193.patch
@@ -1,4 +1,4 @@ 
-From 8708b9e081192786c027bb7f5f23d76dbe5c19e8 Mon Sep 17 00:00:00 2001
+From 9c8e972dbecda93546038d24444d8216397d75a3 Mon Sep 17 00:00:00 2001
 From: Behdad Esfahbod <behdad@behdad.org>
 Date: Mon, 6 Feb 2023 14:51:25 -0700
 Subject: [PATCH] [GPOS] Avoid O(n^2) behavior in mark-attachment
@@ -8,13 +8,15 @@  Comment1: The Original Patch [https://github.com/harfbuzz/harfbuzz/commit/85be87
 Comment2: The Patch contained files MarkBasePosFormat1.hh and MarkLigPosFormat1.hh which were moved from hb-ot-layout-gpos-table.hh as per https://github.com/harfbuzz/harfbuzz/commit/197d9a5c994eb41c8c89b7b958b26b1eacfeeb00
 CVE: CVE-2023-25193
 Signed-off-by: Siddharth Doshi <sdoshi@mvista.com>
+Signed-off-by: Dhairya Nagodra <dnagodra@cisco.com>
+
 ---
- src/hb-ot-layout-gpos-table.hh | 101 ++++++++++++++++++++++++---------
+ src/hb-ot-layout-gpos-table.hh | 103 +++++++++++++++++++++++----------
  src/hb-ot-layout-gsubgpos.hh   |   5 +-
- 2 files changed, 77 insertions(+), 29 deletions(-)
+ 2 files changed, 78 insertions(+), 30 deletions(-)
 
 diff --git a/src/hb-ot-layout-gpos-table.hh b/src/hb-ot-layout-gpos-table.hh
-index 024312d..88df13d 100644
+index 024312d..db5f9ae 100644
 --- a/src/hb-ot-layout-gpos-table.hh
 +++ b/src/hb-ot-layout-gpos-table.hh
 @@ -1458,6 +1458,25 @@ struct MarkBasePosFormat1
@@ -102,8 +104,9 @@  index 024312d..88df13d 100644
 +    //if (!_hb_glyph_info_is_base_glyph (&buffer->info[idx])) { return_trace (false); }
  
 -    unsigned int base_index = (this+baseCoverage).get_coverage  (buffer->info[skippy_iter.idx].codepoint);
+-    if (base_index == NOT_COVERED) return_trace (false);
 +    unsigned int base_index = (this+baseCoverage).get_coverage  (buffer->info[idx].codepoint);
-     if (base_index == NOT_COVERED) return_trace (false);
++    if (base_index == NOT_COVERED)
 +    {
 +      buffer->unsafe_to_concat_from_outbuffer (idx, buffer->idx + 1);
 +      return_trace (false);
@@ -174,6 +177,3 @@  index 5a7e564..437123c 100644
    void set_auto_zwj (bool auto_zwj_) { auto_zwj = auto_zwj_; init_iters (); }
    void set_auto_zwnj (bool auto_zwnj_) { auto_zwnj = auto_zwnj_; init_iters (); }
    void set_random (bool random_) { random = random_; }
--- 
-2.25.1
-