Google Git
Sign in
android / platform / external / harfbuzz_ng / c68ab4b52b898f5c168cf662137b3dce922c29d9^! / . / test / api
commitc68ab4b52b898f5c168cf662137b3dce922c29d9[log] [tgz]
authorEbrahim Byagowi <[email protected]>Thu May 21 00:25:17 2020 +0430
committerEbrahim Byagowi <[email protected]>Thu May 21 06:56:09 2020 +0430
treedd6778bdf54c7185558e6493231f59a7ae972f1b
parent57886e2162312b789dd5a1956a883c3fd2c1cee0 [diff]
Fix _get_ligature_caret's oob read issue

AAT::Lookup has no other way to detect whether it is returned from
a real and sanitized font data or from a null pool, this checks if
the table has been recognized valid by sanitizer by checking
table's major version which is zero if returned from a null pool and
non-zero if is from a sanitized font data, it is expected the other
calls of the table (unlikely to have more calls however) also do a
similar version check before calling the lookups used on the table.

diff --git a/test/api/test-ot-face.c b/test/api/test-ot-face.c
index 5eac868..e3d64f6 100644
--- a/test/api/test-ot-face.c
+++ b/test/api/test-ot-face.c

@@ -95,6 +95,8 @@
   hb_ot_layout_has_substitution (face);
   hb_ot_layout_has_positioning (face);
 
+  hb_ot_layout_get_ligature_carets (font, HB_DIRECTION_LTR, cp, 0, NULL, NULL);
+
   hb_ot_math_has_data (face);
   hb_ot_math_get_constant (font, HB_OT_MATH_CONSTANT_MATH_LEADING);
   hb_ot_math_get_glyph_italics_correction (font, cp);

diff --git a/test/api/test-ot-ligature-carets.c b/test/api/test-ot-ligature-carets.c
index adfa871..39f5689 100644
--- a/test/api/test-ot-ligature-carets.c
+++ b/test/api/test-ot-ligature-carets.c

@@ -96,16 +96,12 @@
   hb_position_t caret_array[16];
 
   {
-/*
     unsigned caret_count = 16;
-    g_assert_cmpuint (210, ==, hb_ot_layout_get_ligature_carets (font, HB_DIRECTION_LTR,
+    g_assert_cmpuint (0, ==, hb_ot_layout_get_ligature_carets (font, HB_DIRECTION_LTR,
 							       188, 0, &caret_count,
 							       caret_array));
-    g_assert_cmpuint (3, ==, caret_count);
-    g_assert_cmpuint (2718, ==, caret_array[0]);
-    g_assert_cmpuint (5438, ==, caret_array[1]);
-    g_assert_cmpuint (5438, ==, caret_array[1]);
-*/
+
+    g_assert_cmpuint (0, ==, caret_count);
   }
 
   {
@@ -118,17 +114,15 @@
     g_assert_cmpuint (2718, ==, caret_array[0]);
     g_assert_cmpuint (5438, ==, caret_array[1]);
     g_assert_cmpuint (5438, ==, caret_array[1]);
-
   }
 
   {
-/*
     unsigned caret_count = 16;
     g_assert_cmpuint (0, ==, hb_ot_layout_get_ligature_carets (font, HB_DIRECTION_LTR,
 							       1021, 0, &caret_count,
 							       caret_array));
+
     g_assert_cmpuint (0, ==, caret_count);
-*/
   }
 
   {