8c94f6b723dde5ee5ead054631905884e3d62b35 - platform/frameworks/minikin

commit	8c94f6b723dde5ee5ead054631905884e3d62b35	[log] [tgz]
author	Raph Levien <raph@google.com>	Wed Jan 06 14:31:23 2016 -0800
committer	The Android Automerger <android-build@google.com>	Tue Mar 01 13:19:17 2016 -0800
tree	9e639f4e9b93dc3249a42c6c2e7f638d9bf9cce5
parent	482f287e64674110c21d045a22538059c8dbc9e7 [diff]

Reject fonts with invalid ranges in cmap

A corrupt or malicious font may have a negative size in its cmap
range, which in turn could lead to memory corruption. This patch
detects the case and rejects the font, and also includes an assertion
in the sparse bit set implementation if we missed any such case.

External issue:
https://code.google.com/p/android/issues/detail?id=192618

Bug: 26413177
Change-Id: Icc0c80e4ef389abba0964495b89aa0fae3e9f4b2
(cherry picked from commit ca8ac8acdad662230ae37998c6c4091bb39402b6)

libs/minikin/CmapCoverage.cpp[diff]
libs/minikin/SparseBitSet.cpp[diff]

2 files changed

tree: 9e639f4e9b93dc3249a42c6c2e7f638d9bf9cce5

app/
doc/
include/
libs/
sample/
tools/