[collect_glyphs] Bail if input data looks like garbage

Specificaly, when a range or sorted array has unexpected order, we take that as font data being garbage and bail out. This fixes significant slowdown on a bad version of Chandas font which has a 600KB GPOS with garbage inside. Later on, I like to add a maximum-work counter for collect_glyphs to protect against malicious fonts as well. Fixes https://bugs.chromium.org/p/chromium/issues/detail?id=794896
7 years ago · a7bd6d7a4c
parent 1ce7d6e215
commit a7bd6d7a4c
2 changed files with 9 additions and 9 deletions
--- a/src/hb-ot-layout-common-private.hh
+++ b/src/hb-ot-layout-common-private.hh
@ -819,7 +819,7 @@ struct CoverageFormat2
    unsigned int count = rangeRecord.len;
    for (unsigned int i = 0; i < count; i++)
      if (unlikely (!rangeRecord[i].add_coverage (glyphs)))
-        return true;//XXXXXXXXXXXXfalse;
+        return false;
    return true;
  }

@ -934,7 +934,7 @@ struct Coverage
    switch (u.format) {
    case 1: return u.format1.add_coverage (glyphs);
    case 2: return u.format2.add_coverage (glyphs);
-    default:return true;//XXXXXXXXXXXfalse;
+    default:return false;
    }
  }

@ -1030,13 +1030,13 @@ struct ClassDefFormat1

      if (start != i)
 	if (unlikely (!glyphs->add_range (startGlyph + start, startGlyph + i)))
-	  return true;//XXXXXXXXfalse
+	  return false;

      start = i + 1;
    }
    if (start != count)
      if (unlikely (!glyphs->add_range (startGlyph + start, startGlyph + count)))
-	return true;//XXXXXXXXfalse
+	return false;

    return true;
  }
@ -1107,7 +1107,7 @@ struct ClassDefFormat2
    for (unsigned int i = 0; i < count; i++)
      if (rangeRecord[i].value)
 	if (unlikely (!rangeRecord[i].add_coverage (glyphs)))
-	  return true;//XXXXXXXXXXXXfalse;
+	  return false;
    return true;
  }

@ -1118,7 +1118,7 @@ struct ClassDefFormat2
    {
      if (rangeRecord[i].value == klass)
        if (unlikely (!rangeRecord[i].add_coverage (glyphs)))
-	  return true;//XXXXXXXXXXXXfalse;
+	  return false;
    }
    return true;
  }
@ -1185,7 +1185,7 @@ struct ClassDef
    switch (u.format) {
    case 1: return u.format1.add_coverage (glyphs);
    case 2: return u.format2.add_coverage (glyphs);
-    default:return true;//XXXXXXXXXXXfalse;
+    default:return false;
    }
  }

--- a/src/hb-set-private.hh
+++ b/src/hb-set-private.hh
@ -230,7 +230,7 @@ struct hb_set_t
  }
  inline bool add_range (hb_codepoint_t a, hb_codepoint_t b)
  {
-    if (unlikely (in_error || a > b || a == INVALID || b == INVALID)) return true;//XXXXXXXfalse;
+    if (unlikely (in_error || a > b || a == INVALID || b == INVALID)) return false;
    unsigned int ma = get_major (a);
    unsigned int mb = get_major (b);
    if (ma == mb)
@ -283,7 +283,7 @@ struct hb_set_t
  template <typename T>
  inline bool add_sorted_array (const T *array, unsigned int count, unsigned int stride=sizeof(T))
  {
-    if (unlikely (in_error)) return true;//XXXfalse
+    if (unlikely (in_error)) return false;
    if (!count) return true;
    hb_codepoint_t g = *array;
    while (count)