summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--libs/minikin/CmapCoverage.cpp15
-rw-r--r--libs/minikin/MinikinInternal.h2
2 files changed, 17 insertions, 0 deletions
diff --git a/libs/minikin/CmapCoverage.cpp b/libs/minikin/CmapCoverage.cpp
index c02526c..da1cf3e 100644
--- a/libs/minikin/CmapCoverage.cpp
+++ b/libs/minikin/CmapCoverage.cpp
@@ -25,6 +25,8 @@ using std::vector;
#include <minikin/SparseBitSet.h>
#include <minikin/CmapCoverage.h>
+#include "MinikinInternal.h"
+
namespace android {
// These could perhaps be optimized to use __builtin_bswap16 and friends.
@@ -142,6 +144,19 @@ static bool getCoverageFormat12(vector<uint32_t>& coverage, const uint8_t* data,
android_errorWriteLog(0x534e4554, "26413177");
return false;
}
+
+ // No need to read outside of Unicode code point range.
+ if (start > MAX_UNICODE_CODE_POINT) {
+ return true;
+ }
+ if (end > MAX_UNICODE_CODE_POINT) {
+ // file is inclusive, vector is exclusive
+ addRange(coverage, start, MAX_UNICODE_CODE_POINT + 1);
+ if (end == 0xFFFFFFFF) {
+ android_errorWriteLog(0x534e4554, "62134807");
+ }
+ return true;
+ }
if (!addRange(coverage, start, end + 1)) { // file is inclusive, vector is exclusive
return false;
}
diff --git a/libs/minikin/MinikinInternal.h b/libs/minikin/MinikinInternal.h
index 88cc947..c6c5b29 100644
--- a/libs/minikin/MinikinInternal.h
+++ b/libs/minikin/MinikinInternal.h
@@ -47,6 +47,8 @@ bool isEmojiModifier(uint32_t c);
hb_blob_t* getFontTable(MinikinFont* minikinFont, uint32_t tag);
+constexpr uint32_t MAX_UNICODE_CODE_POINT = 0x10FFFF;
+
// An RAII wrapper for hb_blob_t
class HbBlob {
public: