organicmaps/harfbuzz
13
Fork 0
mirror of https://github.com/harfbuzz/harfbuzz.git synced 2025-04-13 08:42:59 +00:00
Code Issues 1 Projects Releases Wiki Activity Actions 7

[repacker] fix potential use after free in repacker.

Browse source 
During table splitting we iterate over the lookups map which can be modified during table splitting. This can result in a use after free in the iterator. Create a local copy of the lookup indices to avoid this.
This commit is contained in:
Garret Rieger 2023-08-28 18:33:31 +00:00 committed by Behdad Esfahbod
parent a1f034eaac
commit 8d22a57065
1 changed files with 6 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
src/hb-repacker.hh
View file

@ -79,7 +79,12 @@ bool _presplit_subtables_if_needed (graph::gsubgpos_graph_context_t& ext_context
// pass after this processing is done. Not super necessary as splits are
// only done where overflow is likely, so de-dup probably will get undone
// later anyways.
for (unsigned lookup_index : ext_context.lookups.keys ())
// The loop below can modify the contents of ext_context.lookups if new subtables are added
// to a lookup during a split. So save the initial set of lookup indices so the iteration doesn't
// risk access free'd memory if ext_context.lookups gets resized.
hb_set_t lookup_indices(ext_context.lookups.keys ());
for (unsigned lookup_index : lookup_indices)
{
graph::Lookup* lookup = ext_context.lookups.get(lookup_index);
if (!lookup->split_subtables_if_needed (ext_context, lookup_index))