1 files changed, 135 insertions, 0 deletions
diff --git a/meta/recipes-graphics/harfbuzz/harfbuzz/CVE-2023-25193-pre1.patch b/meta/recipes-graphics/harfbuzz/harfbuzz/CVE-2023-25193-pre1.patch
new file mode 100644
index 0000000000..4994e0ef68
--- /dev/null
+++ b/meta/recipes-graphics/harfbuzz/harfbuzz/CVE-2023-25193-pre1.patch
@@ -0,0 +1,135 @@
+From b29fbd16fa82b82bdf0dcb2f13a63f7dc23cf324 Mon Sep 17 00:00:00 2001
+From: Behdad Esfahbod <behdad@behdad.org>
+Date: Mon, 6 Feb 2023 13:08:52 -0700
+Subject: [PATCH] [gsubgpos] Refactor skippy_iter.match()
+Upstream-Status: Backport from [https://github.com/harfbuzz/harfbuzz/commit/b29fbd16fa82b82bdf0dcb2f13a63f7dc23cf324]
+Comment1: To backport the fix for CVE-2023-25193, add defination for MATCH, NOT_MATCH and SKIP.
+Signed-off-by: Siddharth Doshi <sdoshi@mvista.com>
+---
+ src/hb-ot-layout-gsubgpos.hh | 94 +++++++++++++++++++++---------------
+ 1 file changed, 54 insertions(+), 40 deletions(-)
+diff --git a/src/hb-ot-layout-gsubgpos.hh b/src/hb-ot-layout-gsubgpos.hh
+index a6ca456..5a7e564 100644
+--- a/src/hb-ot-layout-gsubgpos.hh
+++ b/src/hb-ot-layout-gsubgpos.hh
+@@ -369,33 +369,52 @@ struct hb_ot_apply_context_t :
+     may_skip (const hb_glyph_info_t &info) const
+     { return matcher.may_skip (c, info); }
+ 
+    enum match_t {
+      MATCH,
+      NOT_MATCH,
+      SKIP
+    };
+
+    match_t match (hb_glyph_info_t &info)
+    {
+      matcher_t::may_skip_t skip = matcher.may_skip (c, info);
+      if (unlikely (skip == matcher_t::SKIP_YES))
+       return SKIP;
+
+      matcher_t::may_match_t match = matcher.may_match (info, match_glyph_data);
+      if (match == matcher_t::MATCH_YES ||
+         (match == matcher_t::MATCH_MAYBE &&
+          skip == matcher_t::SKIP_NO))
+       return MATCH;
+
+      if (skip == matcher_t::SKIP_NO)
+        return NOT_MATCH;
+
+      return SKIP;
+  }
+
+     bool next (unsigned *unsafe_to = nullptr)
+     {
+       assert (num_items > 0);
+       while (idx + num_items < end)
+       {
+        idx++;
+-       const hb_glyph_info_t &info = c->buffer->info[idx];
+-
+-       matcher_t::may_skip_t skip = matcher.may_skip (c, info);
+-       if (unlikely (skip == matcher_t::SKIP_YES))
+-         continue;
+-
+-       matcher_t::may_match_t match = matcher.may_match (info, match_glyph_data);
+-       if (match == matcher_t::MATCH_YES ||
+-           (match == matcher_t::MATCH_MAYBE &&
+-            skip == matcher_t::SKIP_NO))
+-       {
+-         num_items--;
+-         if (match_glyph_data) match_glyph_data++;
+-         return true;
+-       }
+-
+-       if (skip == matcher_t::SKIP_NO)
+       switch (match (c->buffer->info[idx]))
+        {
+-         if (unsafe_to)
+-           *unsafe_to = idx + 1;
+-         return false;
+         case MATCH:
+         {
+           num_items--;
+           if (match_glyph_data) match_glyph_data++;
+           return true;
+         }
+         case NOT_MATCH:
+         {
+           if (unsafe_to)
+             *unsafe_to = idx + 1;
+           return false;
+         }
+         case SKIP:
+           continue;
+        }
+       }
+       if (unsafe_to)
+@@ -408,27 +427,22 @@ struct hb_ot_apply_context_t :
+       while (idx > num_items - 1)
+       {
+        idx--;
+-       const hb_glyph_info_t &info = c->buffer->out_info[idx];
+-
+-       matcher_t::may_skip_t skip = matcher.may_skip (c, info);
+-       if (unlikely (skip == matcher_t::SKIP_YES))
+-         continue;
+-
+-       matcher_t::may_match_t match = matcher.may_match (info, match_glyph_data);
+-       if (match == matcher_t::MATCH_YES ||
+-           (match == matcher_t::MATCH_MAYBE &&
+-            skip == matcher_t::SKIP_NO))
+       switch (match (c->buffer->out_info[idx]))
+        {
+-         num_items--;
+-         if (match_glyph_data) match_glyph_data++;
+-         return true;
+-       }
+-
+-       if (skip == matcher_t::SKIP_NO)
+-       {
+-         if (unsafe_from)
+-           *unsafe_from = hb_max (1u, idx) - 1u;
+-         return false;
+         case MATCH:
+         {
+           num_items--;
+           if (match_glyph_data) match_glyph_data++;
+           return true;
+         }
+         case NOT_MATCH:
+         {
+           if (unsafe_from)
+             *unsafe_from = hb_max (1u, idx) - 1u;
+           return false;
+         }
+         case SKIP:
+           continue;
+        }
+       }
+       if (unsafe_from)
+-- 
+2.25.1

diff --git a/meta/recipes-graphics/harfbuzz/harfbuzz/CVE-2023-25193-pre1.patch b/meta/recipes-graphics/harfbuzz/harfbuzz/CVE-2023-25193-pre1.patch new file mode 100644 index 0000000000..4994e0ef68 --- /dev/null +++ b/meta/recipes-graphics/harfbuzz/harfbuzz/CVE-2023-25193-pre1.patch
@@ -0,0 +1,135 @@
	1	From b29fbd16fa82b82bdf0dcb2f13a63f7dc23cf324 Mon Sep 17 00:00:00 2001
	2	From: Behdad Esfahbod <behdad@behdad.org>
	3	Date: Mon, 6 Feb 2023 13:08:52 -0700
	4	Subject: [PATCH] [gsubgpos] Refactor skippy_iter.match()
	5
	6	Upstream-Status: Backport from [https://github.com/harfbuzz/harfbuzz/commit/b29fbd16fa82b82bdf0dcb2f13a63f7dc23cf324]
	7	Comment1: To backport the fix for CVE-2023-25193, add defination for MATCH, NOT_MATCH and SKIP.
	8	Signed-off-by: Siddharth Doshi <sdoshi@mvista.com>
	9	---
	10	src/hb-ot-layout-gsubgpos.hh \| 94 +++++++++++++++++++++---------------
	11	1 file changed, 54 insertions(+), 40 deletions(-)
	12
	13	diff --git a/src/hb-ot-layout-gsubgpos.hh b/src/hb-ot-layout-gsubgpos.hh
	14	index a6ca456..5a7e564 100644
	15	--- a/src/hb-ot-layout-gsubgpos.hh
	16	+++ b/src/hb-ot-layout-gsubgpos.hh
	17	@@ -369,33 +369,52 @@ struct hb_ot_apply_context_t :
	18	may_skip (const hb_glyph_info_t &info) const
	19	{ return matcher.may_skip (c, info); }
	20
	21	+ enum match_t {
	22	+ MATCH,
	23	+ NOT_MATCH,
	24	+ SKIP
	25	+ };
	26	+
	27	+ match_t match (hb_glyph_info_t &info)
	28	+ {
	29	+ matcher_t::may_skip_t skip = matcher.may_skip (c, info);
	30	+ if (unlikely (skip == matcher_t::SKIP_YES))
	31	+ return SKIP;
	32	+
	33	+ matcher_t::may_match_t match = matcher.may_match (info, match_glyph_data);
	34	+ if (match == matcher_t::MATCH_YES \|\|
	35	+ (match == matcher_t::MATCH_MAYBE &&
	36	+ skip == matcher_t::SKIP_NO))
	37	+ return MATCH;
	38	+
	39	+ if (skip == matcher_t::SKIP_NO)
	40	+ return NOT_MATCH;
	41	+
	42	+ return SKIP;
	43	+ }
	44	+
	45	bool next (unsigned *unsafe_to = nullptr)
	46	{
	47	assert (num_items > 0);
	48	while (idx + num_items < end)
	49	{
	50	idx++;
	51	- const hb_glyph_info_t &info = c->buffer->info[idx];
	52	-
	53	- matcher_t::may_skip_t skip = matcher.may_skip (c, info);
	54	- if (unlikely (skip == matcher_t::SKIP_YES))
	55	- continue;
	56	-
	57	- matcher_t::may_match_t match = matcher.may_match (info, match_glyph_data);
	58	- if (match == matcher_t::MATCH_YES \|\|
	59	- (match == matcher_t::MATCH_MAYBE &&
	60	- skip == matcher_t::SKIP_NO))
	61	- {
	62	- num_items--;
	63	- if (match_glyph_data) match_glyph_data++;
	64	- return true;
	65	- }
	66	-
	67	- if (skip == matcher_t::SKIP_NO)
	68	+ switch (match (c->buffer->info[idx]))
	69	{
	70	- if (unsafe_to)
	71	- *unsafe_to = idx + 1;
	72	- return false;
	73	+ case MATCH:
	74	+ {
	75	+ num_items--;
	76	+ if (match_glyph_data) match_glyph_data++;
	77	+ return true;
	78	+ }
	79	+ case NOT_MATCH:
	80	+ {
	81	+ if (unsafe_to)
	82	+ *unsafe_to = idx + 1;
	83	+ return false;
	84	+ }
	85	+ case SKIP:
	86	+ continue;
	87	}
	88	}
	89	if (unsafe_to)
	90	@@ -408,27 +427,22 @@ struct hb_ot_apply_context_t :
	91	while (idx > num_items - 1)
	92	{
	93	idx--;
	94	- const hb_glyph_info_t &info = c->buffer->out_info[idx];
	95	-
	96	- matcher_t::may_skip_t skip = matcher.may_skip (c, info);
	97	- if (unlikely (skip == matcher_t::SKIP_YES))
	98	- continue;
	99	-
	100	- matcher_t::may_match_t match = matcher.may_match (info, match_glyph_data);
	101	- if (match == matcher_t::MATCH_YES \|\|
	102	- (match == matcher_t::MATCH_MAYBE &&
	103	- skip == matcher_t::SKIP_NO))
	104	+ switch (match (c->buffer->out_info[idx]))
	105	{
	106	- num_items--;
	107	- if (match_glyph_data) match_glyph_data++;
	108	- return true;
	109	- }
	110	-
	111	- if (skip == matcher_t::SKIP_NO)
	112	- {
	113	- if (unsafe_from)
	114	- *unsafe_from = hb_max (1u, idx) - 1u;
	115	- return false;
	116	+ case MATCH:
	117	+ {
	118	+ num_items--;
	119	+ if (match_glyph_data) match_glyph_data++;
	120	+ return true;
	121	+ }
	122	+ case NOT_MATCH:
	123	+ {
	124	+ if (unsafe_from)
	125	+ *unsafe_from = hb_max (1u, idx) - 1u;
	126	+ return false;
	127	+ }
	128	+ case SKIP:
	129	+ continue;
	130	}
	131	}
	132	if (unsafe_from)
	133	--
	134	2.25.1
	135