diff --git a/src/hb-buffer.cc b/src/hb-buffer.cc
index e09c40ea0..8da090ad4 100644
--- a/src/hb-buffer.cc
+++ b/src/hb-buffer.cc
@@ -1318,7 +1318,7 @@ hb_buffer_set_length (hb_buffer_t *buffer,
   if (unlikely (hb_object_is_immutable (buffer)))
     return length == 0;
 
-  if (!buffer->ensure (length))
+  if (unlikely (!buffer->ensure (length)))
     return false;
 
   /* Wipe the new space */
@@ -1548,7 +1548,10 @@ hb_buffer_add_utf (hb_buffer_t *buffer,
   if (item_length == -1)
     item_length = text_length - item_offset;
 
-  buffer->ensure (buffer->len + item_length * sizeof (T) / 4);
+  if (unlikely (item_length < 0 ||
+                item_length > INT_MAX / 8 ||
+                !buffer->ensure (buffer->len + item_length * sizeof (T) / 4)))
+    return;
 
   /* If buffer is empty and pre-context provided, install it.
    * This check is written this way, to make sure people can
diff --git a/src/hb-buffer.hh b/src/hb-buffer.hh
index ae96825db..8fbc1950a 100644
--- a/src/hb-buffer.hh
+++ b/src/hb-buffer.hh
@@ -337,7 +337,7 @@ struct hb_buffer_t
 
   HB_INTERNAL HB_NODISCARD bool enlarge (unsigned int size);
 
-  bool ensure (unsigned int size)
+  HB_NODISCARD bool ensure (unsigned int size)
   { return likely (!size || size < allocated) ? true : enlarge (size); }
 
   bool ensure_inplace (unsigned int size)
diff --git a/src/hb-graphite2.cc b/src/hb-graphite2.cc
index 220ba4fc1..9dafe654c 100644
--- a/src/hb-graphite2.cc
+++ b/src/hb-graphite2.cc
@@ -289,7 +289,7 @@ _hb_graphite2_shape (hb_shape_plan_t *shape_plan HB_UNUSED,
     return true;
   }
 
-  buffer->ensure (glyph_count);
+  (void) buffer->ensure (glyph_count);
   scratch = buffer->get_scratch_buffer (&scratch_size);
   while ((DIV_CEIL (sizeof (hb_graphite2_cluster_t) * buffer->len, sizeof (*scratch)) +
           DIV_CEIL (sizeof (hb_codepoint_t) * glyph_count, sizeof (*scratch))) > scratch_size)
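Review bot: The new guard in hb_buffer_add_utf only detects a bad item_offset after `item_length = text_length - item_offset;` has already been evaluated; if text_length is a signed int and item_offset unsigned (as the public API suggests, to be confirmed since the signature is outside the hunk), an offset past the end wraps to a large unsigned value and only reads as negative through the implementation-defined conversion back to int. Rejecting the offset directly is more robust: `if (unlikely (item_offset > (unsigned) text_length)) return;` placed before the existing assignment, while keeping the added ensure() check as is. The bare `return` also drops the text with no signal to the caller, so a comment such as `/* Out-of-range or oversized input is rejected; nothing is appended. */` above the new `if` would make that contract visible, and the `INT_MAX / 8` bound deserves a one-line explanation of what it leaves headroom for (presumably the `* sizeof (T)` product and later growth). hb_buffer_add_utf starts and ends outside the hunk.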
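Review bot: Marking `ensure` HB_NODISCARD leaves the sibling `bool ensure_inplace (unsigned int size)` on the next context line of the hb-buffer.hh hunk without the attribute, so a discarded result there still compiles silently; if its callers likewise depend on the result, the same annotation, `HB_NODISCARD bool ensure_inplace (unsigned int size)`, keeps the two helpers consistent. If the asymmetry is deliberate, a short comment on ensure_inplace saying why its result may be ignored would prevent the next reader from re-raising this. The enclosing struct hb_buffer_t continues outside the hunk.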
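Review bot: The `(void) buffer->ensure (glyph_count);` in _hb_graphite2_shape silences the new warning but still leaves an allocation failure unhandled at that point, and nothing in the hunk says why that is safe before `get_scratch_buffer` and the size loop run. If the loop that follows re-checks capacity and fails cleanly on its own (its body is outside the hunk, so this is inferred), a comment such as `/* Result intentionally ignored: the loop below re-checks scratch space and fails cleanly if growth is impossible. */` documents the intent; otherwise the failure should be propagated, e.g. `if (unlikely (!buffer->ensure (glyph_count))) return false;` with whatever cleanup the function's other failure paths perform, which I cannot see from here. _hb_graphite2_shape starts and ends outside the hunk.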