diff options
| author | Seigo Nonaka <nona@google.com> | 2017-09-05 14:23:47 +0900 |
|---|---|---|
| committer | JP Sugarbroad <jpsugar@google.com> | 2017-10-19 13:01:42 -0700 |
| commit | fbdff5828dd1c118e1a871a8f273845dd1d988d6 (patch) | |
| tree | a40ff862cd84310bee0013459e11f0d24afbe655 | |
| parent | 254d126fe9f14d12e7609c93af1698d53f978083 (diff) | |
| download | minikin-nougat-mr2-security-release.tar.gz | |
Drop codepoints that are outside the Unicode range - DO NOT MERGEandroid-7.1.2_r39android-7.1.2_r38android-7.1.2_r37nougat-mr2-security-release
Bug: 62134807
Test: mmma cts/tests/tests/graphics &&
adb install -r $OUT/data/app/CtsGraphicsTestCases/CtsGraphicsTestCases.apk &&
adb shell am instrument -w -e class \
android.graphics.cts.TypefaceTest \
android.graphics.cts/android.support.test.runner.AndroidJUnitRunner
Change-Id: Ic780357bde28e233a15709b5fe07cdb3c532f471
(cherry picked from commit 0e441db0f7d36480fcabbacb9f443223063956a0)
| -rw-r--r-- | libs/minikin/CmapCoverage.cpp | 15 | ||||
| -rw-r--r-- | libs/minikin/MinikinInternal.h | 2 |
2 files changed, 17 insertions, 0 deletions
diff --git a/libs/minikin/CmapCoverage.cpp b/libs/minikin/CmapCoverage.cpp index c02526c..da1cf3e 100644 --- a/libs/minikin/CmapCoverage.cpp +++ b/libs/minikin/CmapCoverage.cpp @@ -25,6 +25,8 @@ using std::vector; #include <minikin/SparseBitSet.h> #include <minikin/CmapCoverage.h> +#include "MinikinInternal.h" + namespace android { // These could perhaps be optimized to use __builtin_bswap16 and friends. @@ -142,6 +144,19 @@ static bool getCoverageFormat12(vector<uint32_t>& coverage, const uint8_t* data, android_errorWriteLog(0x534e4554, "26413177"); return false; } + + // No need to read outside of Unicode code point range. + if (start > MAX_UNICODE_CODE_POINT) { + return true; + } + if (end > MAX_UNICODE_CODE_POINT) { + // file is inclusive, vector is exclusive + addRange(coverage, start, MAX_UNICODE_CODE_POINT + 1); + if (end == 0xFFFFFFFF) { + android_errorWriteLog(0x534e4554, "62134807"); + } + return true; + } if (!addRange(coverage, start, end + 1)) { // file is inclusive, vector is exclusive return false; } diff --git a/libs/minikin/MinikinInternal.h b/libs/minikin/MinikinInternal.h index 88cc947..c6c5b29 100644 --- a/libs/minikin/MinikinInternal.h +++ b/libs/minikin/MinikinInternal.h @@ -47,6 +47,8 @@ bool isEmojiModifier(uint32_t c); hb_blob_t* getFontTable(MinikinFont* minikinFont, uint32_t tag); +constexpr uint32_t MAX_UNICODE_CODE_POINT = 0x10FFFF; + // An RAII wrapper for hb_blob_t class HbBlob { public: |