harfbuzz: Resolve backported commit bug.

The commit [https://github.com/openembedded/openembedded-core/commit/c22bbe9b45e3] backports fix for CVE-2023-25193 for version 2.6.4. The apply() in src/hb-ot-layout-gpos-table.hh ends prematurely. The if block in apply() has an extra return statement, which causes it to return w/o executing buffer->unsafe_to_concat_from_outbuffer() function. (From OE-Core rev: e3fda60c4131c21cfb3139c56c1771e342d4b9bf) Signed-off-by: Dhairya Nagodra <dnagodra@cisco.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
author: Dhairya Nagodra <dnagodra@cisco.com> 2023-07-25 23:45:34 -0700
committer: Steve Sakoman <steve@sakoman.com> 2023-08-16 03:55:13 -1000
commit: 3b52050443eef30e7c2b35b9ead441f77b62401c (patch)
tree: 8d5b187fc2be7d8977bb07c74fc0c2828d41af7b /meta/recipes-graphics
parent: 959e7b1432994ade7a79b074d8de3070a69c494f (diff)
download: poky-3b52050443eef30e7c2b35b9ead441f77b62401c.tar.gz
1 files changed, 8 insertions, 8 deletions
diff --git a/meta/recipes-graphics/harfbuzz/harfbuzz/CVE-2023-25193.patch b/meta/recipes-graphics/harfbuzz/harfbuzz/CVE-2023-25193.patch
index 8243117551..e4ac13dbad 100644
--- a/meta/recipes-graphics/harfbuzz/harfbuzz/CVE-2023-25193.patch
+++ b/meta/recipes-graphics/harfbuzz/harfbuzz/CVE-2023-25193.patch
@@ -1,4 +1,4 @@
-From 8708b9e081192786c027bb7f5f23d76dbe5c19e8 Mon Sep 17 00:00:00 2001
+From 9c8e972dbecda93546038d24444d8216397d75a3 Mon Sep 17 00:00:00 2001
 From: Behdad Esfahbod <behdad@behdad.org>
 Date: Mon, 6 Feb 2023 14:51:25 -0700
 Subject: [PATCH] [GPOS] Avoid O(n^2) behavior in mark-attachment
@@ -8,13 +8,15 @@ Comment1: The Original Patch [https://github.com/harfbuzz/harfbuzz/commit/85be87
 Comment2: The Patch contained files MarkBasePosFormat1.hh and MarkLigPosFormat1.hh which were moved from hb-ot-layout-gpos-table.hh as per https://github.com/harfbuzz/harfbuzz/commit/197d9a5c994eb41c8c89b7b958b26b1eacfeeb00
 CVE: CVE-2023-25193
 Signed-off-by: Siddharth Doshi <sdoshi@mvista.com>
+Signed-off-by: Dhairya Nagodra <dnagodra@cisco.com>
 ---
- src/hb-ot-layout-gpos-table.hh | 101 ++++++++++++++++++++++++---------
+ src/hb-ot-layout-gpos-table.hh | 103 +++++++++++++++++++++++----------
 src/hb-ot-layout-gsubgpos.hh   |   5 +-
- 2 files changed, 77 insertions(+), 29 deletions(-)
+ 2 files changed, 78 insertions(+), 30 deletions(-)
 diff --git a/src/hb-ot-layout-gpos-table.hh b/src/hb-ot-layout-gpos-table.hh
-index 024312d..88df13d 100644
+index 024312d..db5f9ae 100644
 --- a/src/hb-ot-layout-gpos-table.hh
 +++ b/src/hb-ot-layout-gpos-table.hh
 @@ -1458,6 +1458,25 @@ struct MarkBasePosFormat1
@@ -102,8 +104,9 @@ index 024312d..88df13d 100644
 +    //if (!_hb_glyph_info_is_base_glyph (&buffer->info[idx])) { return_trace (false); }
 
 -    unsigned int base_index = (this+baseCoverage).get_coverage  (buffer->info[skippy_iter.idx].codepoint);
+-    if (base_index == NOT_COVERED) return_trace (false);
 +    unsigned int base_index = (this+baseCoverage).get_coverage  (buffer->info[idx].codepoint);
-     if (base_index == NOT_COVERED) return_trace (false);
+    if (base_index == NOT_COVERED)
 +    {
 +      buffer->unsafe_to_concat_from_outbuffer (idx, buffer->idx + 1);
 +      return_trace (false);
@@ -174,6 +177,3 @@ index 5a7e564..437123c 100644
   void set_auto_zwj (bool auto_zwj_) { auto_zwj = auto_zwj_; init_iters (); }
   void set_auto_zwnj (bool auto_zwnj_) { auto_zwnj = auto_zwnj_; init_iters (); }
   void set_random (bool random_) { random = random_; }
-- 
-2.25.1
author	Dhairya Nagodra <dnagodra@cisco.com>	2023-07-25 23:45:34 -0700
committer	Steve Sakoman <steve@sakoman.com>	2023-08-16 03:55:13 -1000
commit	3b52050443eef30e7c2b35b9ead441f77b62401c (patch)
tree	8d5b187fc2be7d8977bb07c74fc0c2828d41af7b /meta/recipes-graphics
parent	959e7b1432994ade7a79b074d8de3070a69c494f (diff)
download	poky-3b52050443eef30e7c2b35b9ead441f77b62401c.tar.gz