[icu] Resolves: rhbz#674328 more ways that freeserif crashes libicu

Caolan McNamara caolanm at fedoraproject.org
Thu Feb 3 09:42:10 UTC 2011 

commit 6c883575a1b797aa03f1e436939cf9725eb56769
Author: Caolán McNamara <caolanm at redhat.com>
Date:   Thu Feb 3 09:42:02 2011 +0000

    Resolves: rhbz#674328 more ways that freeserif crashes libicu

 icu.8320.freeserif.crash.patch |   39 ++++++++++++++++++++++++++++++++++++++-
 icu.spec                       |    5 ++++-
 2 files changed, 42 insertions(+), 2 deletions(-)
---
diff --git a/icu.8320.freeserif.crash.patch b/icu.8320.freeserif.crash.patch
index ad6674c..65e61c8 100644
--- a/icu.8320.freeserif.crash.patch
+++ b/icu.8320.freeserif.crash.patch
@@ -1,4 +1,13 @@
-diff -ru icu.orig/source/layout/LookupProcessor.cpp icu/source/layout/LookupProcessor.cpp
+--- icu/source/layout/LookupProcessor.h	2011-02-03 09:20:27.657005678 +0000
++++ icu/source/layout/LookupProcessor.h	2011-02-03 09:25:34.498396208 +0000
+@@ -58,6 +58,7 @@
+     const FeatureListTable  *featureListTable;
+ 
+     FeatureMask            *lookupSelectArray;
++    le_uint32              lookupSelectCount;
+ 
+     le_uint16               *lookupOrderArray;
+     le_uint32               lookupOrderCount;
 --- icu/source/layout/LookupProcessor.cpp	2011-02-02 12:29:54.369077099 +0000
 +++ icu/source/layout/LookupProcessor.cpp	2011-02-02 12:31:54.215503036 +0000
 @@ -70,6 +70,10 @@
@@ -12,3 +21,31 @@ diff -ru icu.orig/source/layout/LookupProcessor.cpp icu/source/layout/LookupProc
              le_uint16 lookupFlags = SWAPW(lookupTable->lookupFlags);
              
              glyphIterator.reset(lookupFlags, selectMask);
+@@ -111,6 +115,9 @@
+     for (le_uint16 lookup = 0; lookup < lookupCount; lookup += 1) {
+         le_uint16 lookupListIndex = SWAPW(featureTable->lookupListIndexArray[lookup]);
+ 
++	if (lookupListIndex >= lookupSelectCount)
++	    continue;
++
+         lookupSelectArray[lookupListIndex] |= featureMask;
+         lookupOrderArray[store++] = lookupListIndex;
+     }
+@@ -122,7 +129,7 @@
+         Offset scriptListOffset, Offset featureListOffset, Offset lookupListOffset,
+         LETag scriptTag, LETag languageTag, const FeatureMap *featureMap, le_int32 featureMapCount, le_bool orderFeatures, 
+         LEErrorCode& success)
+-    : lookupListTable(NULL), featureListTable(NULL), lookupSelectArray(NULL),
++    : lookupListTable(NULL), featureListTable(NULL), lookupSelectArray(NULL), lookupSelectCount(0),
+       lookupOrderArray(NULL), lookupOrderCount(0)
+ {
+     const ScriptListTable *scriptListTable = NULL;
+@@ -170,6 +177,8 @@
+         lookupSelectArray[i] = 0;
+     }
+ 
++    lookupSelectCount = lookupListCount;
++
+     le_int32 count, order = 0;
+     le_int32 featureReferences = 0;
+     const FeatureTable *featureTable = NULL;
diff --git a/icu.spec b/icu.spec
index 2cfb9d6..0132c53 100644
--- a/icu.spec
+++ b/icu.spec
@@ -1,6 +1,6 @@
 Name:      icu
 Version:   4.4.2
-Release:   5%{?dist}
+Release:   6%{?dist}
 Summary:   International Components for Unicode
 Group:     Development/Tools
 License:   MIT and UCD and Public Domain
@@ -148,6 +148,9 @@ rm -rf $RPM_BUILD_ROOT
 %doc source/__docs/%{name}/html/*
 
 %changelog
+* Thu Feb 03 2011 Caolán McNamara <caolanm at redhat.com> - 4.4.2-6
+- Resolves: rhbz#674328 more ways that freeserif crashes libicu
+
 * Wed Feb 02 2011 Caolán McNamara <caolanm at redhat.com> - 4.4.2-5
 - Resolves: rhbz#674328 freeserif crashes libicu

More information about the scm-commits mailing list