From a08ce5b9c01ae635d5d01bbc8f4175c07b1dd52f Mon Sep 17 00:00:00 2001 From: Parag Nemade Date: Mon, 25 Sep 2023 14:03:27 +0530 Subject: [PATCH] Resolves:RHEL-8400 Add missing patch file --- ...it_how_far_we_skip_when_looking_back.patch | 20 +++++++++++++++++++ 1 file changed, 20 insertions(+) create mode 100644 CVE-2023-25193-Limit_how_far_we_skip_when_looking_back.patch diff --git a/CVE-2023-25193-Limit_how_far_we_skip_when_looking_back.patch b/CVE-2023-25193-Limit_how_far_we_skip_when_looking_back.patch new file mode 100644 index 0000000..5d4af58 --- /dev/null +++ b/CVE-2023-25193-Limit_how_far_we_skip_when_looking_back.patch @@ -0,0 +1,20 @@ +diff -urN harfbuzz-1.7.5.old/src/hb-ot-layout-gsubgpos-private.hh harfbuzz-1.7.5/src/hb-ot-layout-gsubgpos-private.hh +--- harfbuzz-1.7.5.old/src/hb-ot-layout-gsubgpos-private.hh 2018-01-27 07:43:07.000000000 +0530 ++++ harfbuzz-1.7.5/src/hb-ot-layout-gsubgpos-private.hh 2023-09-25 12:18:00.277228938 +0530 +@@ -368,7 +368,15 @@ + inline bool prev (void) + { + assert (num_items > 0); +- while (idx >= num_items) ++ unsigned stop = num_items - 1; ++ ++ /* When looking back, limit how far we search; this function is mostly ++ * used for looking back for base glyphs when attaching marks. If we ++ * don't limit, we can get O(n^2) behavior where n is the number of ++ * consecutive marks. */ ++ stop = (unsigned) ((int) stop >= (int) idx - HB_MAX_CONTEXT_LENGTH ? stop : (int) idx - HB_MAX_CONTEXT_LENGTH); ++ ++ while (idx > stop) + { + idx--; + const hb_glyph_info_t &info = c->buffer->out_info[idx];