Resolves: rhbz#674328 more ways that freeserif crashes libicu

2011-02-03 09:42:02 +00:00 · 2011-02-03 09:42:02 +00:00 · 6c883575a1
commit 6c883575a1
parent 69ffdeb52a
2 changed files with 42 additions and 2 deletions
--- a/icu.8320.freeserif.crash.patch
+++ b/icu.8320.freeserif.crash.patch
@ -1,4 +1,13 @@
-diff -ru icu.orig/source/layout/LookupProcessor.cpp icu/source/layout/LookupProcessor.cpp
+--- icu/source/layout/LookupProcessor.h	2011-02-03 09:20:27.657005678 +0000
+++ icu/source/layout/LookupProcessor.h	2011-02-03 09:25:34.498396208 +0000
+@@ -58,6 +58,7 @@
+     const FeatureListTable  *featureListTable;
+ 
+     FeatureMask            *lookupSelectArray;
+    le_uint32              lookupSelectCount;
+ 
+     le_uint16               *lookupOrderArray;
+     le_uint32               lookupOrderCount;
 --- icu/source/layout/LookupProcessor.cpp	2011-02-02 12:29:54.369077099 +0000
 +++ icu/source/layout/LookupProcessor.cpp	2011-02-02 12:31:54.215503036 +0000
@@ -70,6 +70,10 @@
@ -12,3 +21,31 @@ diff -ru icu.orig/source/layout/LookupProcessor.cpp icu/source/layout/LookupProc
             le_uint16 lookupFlags = SWAPW(lookupTable->lookupFlags);
             
             glyphIterator.reset(lookupFlags, selectMask);
+@@ -111,6 +115,9 @@
+     for (le_uint16 lookup = 0; lookup < lookupCount; lookup += 1) {
+         le_uint16 lookupListIndex = SWAPW(featureTable->lookupListIndexArray[lookup]);
+ 
+	if (lookupListIndex >= lookupSelectCount)
+	    continue;
+
+         lookupSelectArray[lookupListIndex] |= featureMask;
+         lookupOrderArray[store++] = lookupListIndex;
+     }
+@@ -122,7 +129,7 @@
+         Offset scriptListOffset, Offset featureListOffset, Offset lookupListOffset,
+         LETag scriptTag, LETag languageTag, const FeatureMap *featureMap, le_int32 featureMapCount, le_bool orderFeatures, 
+         LEErrorCode& success)
+-    : lookupListTable(NULL), featureListTable(NULL), lookupSelectArray(NULL),
+    : lookupListTable(NULL), featureListTable(NULL), lookupSelectArray(NULL), lookupSelectCount(0),
+       lookupOrderArray(NULL), lookupOrderCount(0)
+ {
+     const ScriptListTable *scriptListTable = NULL;
+@@ -170,6 +177,8 @@
+         lookupSelectArray[i] = 0;
+     }
+ 
+    lookupSelectCount = lookupListCount;
+
+     le_int32 count, order = 0;
+     le_int32 featureReferences = 0;
+     const FeatureTable *featureTable = NULL;
--- a/icu.spec
+++ b/icu.spec
@ -1,6 +1,6 @@
 Name:      icu
 Version:   4.4.2
-Release:   5%{?dist}
+Release:   6%{?dist}
 Summary:   International Components for Unicode
 Group:     Development/Tools
 License:   MIT and UCD and Public Domain
@ -148,6 +148,9 @@ rm -rf $RPM_BUILD_ROOT
 %doc source/__docs/%{name}/html/*

 %changelog
+* Thu Feb 03 2011 Caolán McNamara <caolanm@redhat.com> - 4.4.2-6
+- Resolves: rhbz#674328 more ways that freeserif crashes libicu
+
 * Wed Feb 02 2011 Caolán McNamara <caolanm@redhat.com> - 4.4.2-5
 - Resolves: rhbz#674328 freeserif crashes libicu