← Back to branch summary

~ubuntu-branches/debian/squeeze/openjdk-6/squeeze

« back to all changes in this revision

Viewing changes to debian/patches/CVE-2012-1713.patch

  • Committer: Package Import Robot
  • Author(s): Moritz Muehlenhoff
  • Date: 2012-06-27 09:21:49 UTC
  • Revision ID: package-import@ubuntu.com-20120627092149-sehd53bk71f637vs
Tags: 6b18-1.8.13-0+squeeze2
CVE-2012-1711 CVE-2012-1713 CVE-2012-1716 CVE-2012-1717
CVE-2012-1718 CVE-2012-1719 CVE-2012-1723 CVE-2012-1724
CVE-2012-1725

Show diffs side-by-side

added added

removed removed

Lines of Context:
debian/patches/CVE-2012-1713.patch
 
1
# HG changeset patch
 
2
# User bae
 
3
# Date 1339077299 -3600
 
4
# Node ID 25e9363d907d3cc5104a5ec47c1638b36b63559c
 
5
# Parent  7047bf04103450562b485e00c622fea18b227eea
 
6
7143617: Improve fontmanager layout lookup operations
 
7
Reviewed-by: prr
 
8
 
 
9
diff --git a/src/share/native/sun/font/layout/LookupProcessor.cpp b/src/share/native/sun/font/layout/LookupProcessor.cpp
 
10
--- openjdk/jdk/src/share/native/sun/font/layout/LookupProcessor.cpp
 
11
+++ openjdk/jdk/src/share/native/sun/font/layout/LookupProcessor.cpp
 
12
@@ -86,6 +86,10 @@
 
13
 
 
14
         if (selectMask != 0) {
 
15
             const LookupTable *lookupTable = lookupListTable->getLookupTable(lookup);
 
16
+
 
17
+            if (!lookupTable)
 
18
+                continue;
 
19
+
 
20
             le_uint16 lookupFlags = SWAPW(lookupTable->lookupFlags);
 
21
 
 
22
             glyphIterator.reset(lookupFlags, selectMask);
 
23
@@ -124,6 +128,9 @@
 
24
     for (le_uint16 lookup = 0; lookup < lookupCount; lookup += 1) {
 
25
         le_uint16 lookupListIndex = SWAPW(featureTable->lookupListIndexArray[lookup]);
 
26
 
 
27
+        if (lookupListIndex >= lookupSelectCount)
 
28
+            continue;
 
29
+
 
30
         lookupSelectArray[lookupListIndex] |= featureMask;
 
31
         lookupOrderArray[store++] = lookupListIndex;
 
32
     }
 
33
@@ -135,7 +142,7 @@
 
34
         Offset scriptListOffset, Offset featureListOffset, Offset lookupListOffset,
 
35
         LETag scriptTag, LETag languageTag, const FeatureMap *featureMap,
 
36
         le_int32 featureMapCount, le_bool orderFeatures)
 
37
-    : lookupListTable(NULL), featureListTable(NULL), lookupSelectArray(NULL),
 
38
+    : lookupListTable(NULL), featureListTable(NULL), lookupSelectArray(NULL), lookupSelectCount(0),
 
39
       lookupOrderArray(NULL), lookupOrderCount(0)
 
40
 {
 
41
     const ScriptListTable *scriptListTable = NULL;
 
42
@@ -175,6 +182,8 @@
 
43
         lookupSelectArray[i] = 0;
 
44
     }
 
45
 
 
46
+    lookupSelectCount = lookupListCount;
 
47
+
 
48
     le_int32 count, order = 0;
 
49
     le_int32 featureReferences = 0;
 
50
     const FeatureTable *featureTable = NULL;
 
51
@@ -191,6 +200,10 @@
 
52
         le_uint16 featureIndex = SWAPW(langSysTable->featureIndexArray[feature]);
 
53
 
 
54
         featureTable = featureListTable->getFeatureTable(featureIndex, &featureTag);
 
55
+
 
56
+        if (!featureTable)
 
57
+            continue;
 
58
+
 
59
         featureReferences += SWAPW(featureTable->lookupCount);
 
60
     }
 
61
 
 
62
diff --git a/src/share/native/sun/font/layout/LookupProcessor.h b/src/share/native/sun/font/layout/LookupProcessor.h
 
63
--- openjdk/jdk/src/share/native/sun/font/layout/LookupProcessor.h
 
64
+++ openjdk/jdk/src/share/native/sun/font/layout/LookupProcessor.h
 
65
@@ -77,6 +77,7 @@
 
66
     const FeatureListTable  *featureListTable;
 
67
 
 
68
     FeatureMask             *lookupSelectArray;
 
69
+    le_uint32              lookupSelectCount;
 
70
 
 
71
     le_uint16               *lookupOrderArray;
 
72
     le_uint32               lookupOrderCount;