diff options
| author | Seigo Nonaka <nona@google.com> | 2017-09-05 14:23:47 +0900 |
|---|---|---|
| committer | JP Sugarbroad <jpsugar@google.com> | 2017-10-19 13:01:06 -0700 |
| commit | 3433330d0b4acebf609a737087aeb56cacc315e0 (patch) | |
| tree | a40ff862cd84310bee0013459e11f0d24afbe655 | |
| parent | fafca0fb0f70c8b5bbae09b50571669a8cd870fe (diff) | |
| download | minikin-3433330d0b4acebf609a737087aeb56cacc315e0.tar.gz | |
Drop codepoints that are outside the Unicode range - DO NOT MERGEandroid-7.1.1_r61android-7.1.1_r60android-7.1.1_r59nougat-mr1.8-releasenougat-mr1-security-release
Bug: 62134807
Test: mmma cts/tests/tests/graphics &&
adb install -r $OUT/data/app/CtsGraphicsTestCases/CtsGraphicsTestCases.apk &&
adb shell am instrument -w -e class \
android.graphics.cts.TypefaceTest \
android.graphics.cts/android.support.test.runner.AndroidJUnitRunner
Change-Id: Ic780357bde28e233a15709b5fe07cdb3c532f471
(cherry picked from commit cecaf05df0072f3b5eab3d77ae1659d21bde0b9f)
| -rw-r--r-- | libs/minikin/CmapCoverage.cpp | 15 | ||||
| -rw-r--r-- | libs/minikin/MinikinInternal.h | 2 |
2 files changed, 17 insertions, 0 deletions
diff --git a/libs/minikin/CmapCoverage.cpp b/libs/minikin/CmapCoverage.cpp index c02526c..da1cf3e 100644 --- a/libs/minikin/CmapCoverage.cpp +++ b/libs/minikin/CmapCoverage.cpp @@ -25,6 +25,8 @@ using std::vector; #include <minikin/SparseBitSet.h> #include <minikin/CmapCoverage.h> +#include "MinikinInternal.h" + namespace android { // These could perhaps be optimized to use __builtin_bswap16 and friends. @@ -142,6 +144,19 @@ static bool getCoverageFormat12(vector<uint32_t>& coverage, const uint8_t* data, android_errorWriteLog(0x534e4554, "26413177"); return false; } + + // No need to read outside of Unicode code point range. + if (start > MAX_UNICODE_CODE_POINT) { + return true; + } + if (end > MAX_UNICODE_CODE_POINT) { + // file is inclusive, vector is exclusive + addRange(coverage, start, MAX_UNICODE_CODE_POINT + 1); + if (end == 0xFFFFFFFF) { + android_errorWriteLog(0x534e4554, "62134807"); + } + return true; + } if (!addRange(coverage, start, end + 1)) { // file is inclusive, vector is exclusive return false; } diff --git a/libs/minikin/MinikinInternal.h b/libs/minikin/MinikinInternal.h index 88cc947..c6c5b29 100644 --- a/libs/minikin/MinikinInternal.h +++ b/libs/minikin/MinikinInternal.h @@ -47,6 +47,8 @@ bool isEmojiModifier(uint32_t c); hb_blob_t* getFontTable(MinikinFont* minikinFont, uint32_t tag); +constexpr uint32_t MAX_UNICODE_CODE_POINT = 0x10FFFF; + // An RAII wrapper for hb_blob_t class HbBlob { public: |