Bug 1223002 - Cherry-pick post-1.3.4 bugfixes for graphite2 from upstream. r=jdaggett

2024-09-13 09:24:08 -07:00 · 2015-11-19 13:33:17 +00:00 · 2015-11-19 13:33:17 +00:00 · cbe1ec5b41
commit cbe1ec5b41
parent b4b0d26ddf
4 changed files with 11 additions and 5 deletions
--- a/gfx/graphite2/README.mozilla
+++ b/gfx/graphite2/README.mozilla
@ -1,3 +1,6 @@
 This directory contains the Graphite2 library release 1.3.4 from
 https://github.com/silnrsi/graphite/releases/download/1.3.4/graphite2-minimal-1.3.4.tgz
 See ./gfx/graphite2/moz-gr-update.sh for update procedure.
+
+Bug 1223002: Updated to upstream commit 6106dcbd5bc4df2e6ef6a7c632c69ca71ba2b518
+to fix recently-discovered fuzzbugs.
--- a/gfx/graphite2/src/Code.cpp
+++ b/gfx/graphite2/src/Code.cpp
@ -120,6 +120,7 @@ private:
    analysis            _analysis;
    enum passtype       _passtype;
    int                 _stack_depth;
+    bool                _in_ctxt_item;
 };


@ -139,7 +140,8 @@ inline Machine::Code::decoder::decoder(limits & lims, Code &code, enum passtype
  _pre_context(code._constraint ? 0 : lims.pre_context), 
  _rule_length(code._constraint ? 1 : lims.rule_length), 
  _instr(code._code), _data(code._data), _max(lims), _passtype(pt),
-  _stack_depth(0)
+  _stack_depth(0),
+  _in_ctxt_item(false)
 { }
    

@ -356,8 +358,8 @@ opcode Machine::Code::decoder::fetch_opcode(const byte * bc)
            break;
        case CNTXT_ITEM :
            valid_upto(_max.rule_length, _max.pre_context + int8(bc[0]));
-            if (bc + 2 + bc[1] >= _max.bytecode)  failure(jump_past_end);
-            if (_pre_context != 0)                failure(nested_context_item);
+            if (bc + 2 + bc[1] >= _max.bytecode)    failure(jump_past_end);
+            if (_in_ctxt_item)                      failure(nested_context_item);
            break;
        case ATTR_SET :
        case ATTR_ADD :
@ -578,6 +580,7 @@ bool Machine::Code::decoder::emit_opcode(opcode opc, const byte * & bc)
    if (opc == CNTXT_ITEM)
    {
        assert(_pre_context == 0);
+        _in_ctxt_item = true;
        _pre_context = _max.pre_context + int8(_data[-2]);
        _rule_length = _max.rule_length;

@ -596,6 +599,7 @@ bool Machine::Code::decoder::emit_opcode(opcode opc, const byte * & bc)

            _rule_length = 1;
            _pre_context = 0;
+            _in_ctxt_item = false;
        }
        else
        {
--- a/gfx/graphite2/src/Face.cpp
+++ b/gfx/graphite2/src/Face.cpp
@ -195,7 +195,6 @@ bool Face::runGraphite(Segment *seg, const Silf *aSilf) const
                << "output" << json::array;
        for(Slot * s = seg->first(); s; s = s->next())
            *dbgout     << dslot(seg, s);
-        seg->finalise(0);                   // Call this here to fix up charinfo back indexes.
        *dbgout         << json::close
                << "advance" << seg->advance()
                << "chars"   << json::array;
--- a/gfx/graphite2/src/TtfUtil.cpp
+++ b/gfx/graphite2/src/TtfUtil.cpp
@ -952,7 +952,7 @@ gid16 CmapSubtable4Lookup(const void * pCmapSubtabel4, unsigned int nUnicodeId,
    uint16 nSeg = be::swap(pTable->seg_count_x2) >> 1;
  
    uint16 n;
-        const uint16 * pLeft, * pMid;
+    const uint16 * pLeft, * pMid;
    uint16 cMid, chStart, chEnd;

    if (rangeKey)