harfbuzz/SOURCES/CVE-2023-25193-Limit_how_far_we_skip_when_looking_back.patch

diff -urN harfbuzz-2.7.4.old/src/hb-ot-layout-gsubgpos.hh harfbuzz-2.7.4/src/hb-ot-layout-gsubgpos.hh
--- harfbuzz-2.7.4.old/src/hb-ot-layout-gsubgpos.hh	2020-12-27 05:31:18.000000000 +0530
+++ harfbuzz-2.7.4/src/hb-ot-layout-gsubgpos.hh	2023-09-09 18:11:07.014324408 +0530
@@ -468,7 +468,15 @@
     bool prev ()
     {
       assert (num_items > 0);
-      while (idx > num_items - 1)
+      unsigned stop = num_items - 1;
+
+      /* When looking back, limit how far we search; this function is mostly
+       * used for looking back for base glyphs when attaching marks. If we
+       * don't limit, we can get O(n^2) behavior where n is the number of
+       * consecutive marks. */
+      stop = (unsigned) hb_max ((int) stop, (int) idx - HB_MAX_CONTEXT_LENGTH);
+
+      while (idx > stop)
       {
 	idx--;
 	const hb_glyph_info_t &info = c->buffer->out_info[idx];
import UBI harfbuzz-2.7.4-10.el9 2024-04-30 15:40:10 +00:00			`diff -urN harfbuzz-2.7.4.old/src/hb-ot-layout-gsubgpos.hh harfbuzz-2.7.4/src/hb-ot-layout-gsubgpos.hh`
			`--- harfbuzz-2.7.4.old/src/hb-ot-layout-gsubgpos.hh 2020-12-27 05:31:18.000000000 +0530`
			`+++ harfbuzz-2.7.4/src/hb-ot-layout-gsubgpos.hh 2023-09-09 18:11:07.014324408 +0530`
			`@@ -468,7 +468,15 @@`
			`bool prev ()`
			`{`
			`assert (num_items > 0);`
			`- while (idx > num_items - 1)`
			`+ unsigned stop = num_items - 1;`
			`+`
			`+ /* When looking back, limit how far we search; this function is mostly`
			`+ * used for looking back for base glyphs when attaching marks. If we`
			`+ * don't limit, we can get O(n^2) behavior where n is the number of`
			`+ * consecutive marks. */`
			`+ stop = (unsigned) hb_max ((int) stop, (int) idx - HB_MAX_CONTEXT_LENGTH);`
			`+`
			`+ while (idx > stop)`
			`{`
			`idx--;`
			`const hb_glyph_info_t &info = c->buffer->out_info[idx];`