Add _hb_unsigned_int_mul_overflows

This commit is contained in:
Behdad Esfahbod 2011-04-28 16:01:01 -04:00
parent 1d39d6e42b
commit 080a0eb7d8
4 changed files with 12 additions and 8 deletions

View File

@ -77,19 +77,16 @@ _hb_buffer_enlarge (hb_buffer_t *buffer, unsigned int size)
unsigned int new_allocated = buffer->allocated; unsigned int new_allocated = buffer->allocated;
hb_glyph_position_t *new_pos = NULL; hb_glyph_position_t *new_pos = NULL;
hb_glyph_info_t *new_info = NULL; hb_glyph_info_t *new_info = NULL;
bool overflows = FALSE;
bool separate_out = buffer->out_info != buffer->info; bool separate_out = buffer->out_info != buffer->info;
overflows = size >= ((unsigned int) -1) / sizeof (buffer->info[0]); if (unlikely (_hb_unsigned_int_mul_overflows (size, sizeof (buffer->info[0]))))
if (unlikely (overflows))
goto done; goto done;
while (size > new_allocated) while (size > new_allocated)
new_allocated += (new_allocated >> 1) + 32; new_allocated += (new_allocated >> 1) + 32;
ASSERT_STATIC (sizeof (buffer->info[0]) == sizeof (buffer->pos[0])); ASSERT_STATIC (sizeof (buffer->info[0]) == sizeof (buffer->pos[0]));
overflows = new_allocated >= ((unsigned int) -1) / sizeof (buffer->info[0]); if (unlikely (_hb_unsigned_int_mul_overflows (new_allocated, sizeof (buffer->info[0]))))
if (unlikely (overflows))
goto done; goto done;
new_pos = (hb_glyph_position_t *) realloc (buffer->pos, new_allocated * sizeof (buffer->pos[0])); new_pos = (hb_glyph_position_t *) realloc (buffer->pos, new_allocated * sizeof (buffer->pos[0]));

View File

@ -231,7 +231,7 @@ struct hb_sanitize_context_t
inline bool check_array (const void *base, unsigned int record_size, unsigned int len) const inline bool check_array (const void *base, unsigned int record_size, unsigned int len) const
{ {
const char *p = (const char *) base; const char *p = (const char *) base;
bool overflows = record_size > 0 && len >= ((unsigned int) -1) / record_size; bool overflows = _hb_unsigned_int_mul_overflows (len, record_size);
(void) (HB_DEBUG_SANITIZE && (int) this->debug_depth < (int) HB_DEBUG_SANITIZE && (void) (HB_DEBUG_SANITIZE && (int) this->debug_depth < (int) HB_DEBUG_SANITIZE &&
fprintf (stderr, "SANITIZE(%p) %-*d-> array [%p..%p] (%d*%d=%ld bytes) in [%p..%p] -> %s\n", fprintf (stderr, "SANITIZE(%p) %-*d-> array [%p..%p] (%d*%d=%ld bytes) in [%p..%p] -> %s\n",

View File

@ -409,7 +409,7 @@ struct Ligature
inline uint16_t allocate_lig_id (hb_buffer_t *buffer) const { inline uint16_t allocate_lig_id (hb_buffer_t *buffer) const {
uint16_t lig_id = buffer->next_serial (); uint16_t lig_id = buffer->next_serial ();
if (unlikely (!lig_id)) lig_id = buffer->next_serial (); /* in case of overflows */ if (unlikely (!lig_id)) lig_id = buffer->next_serial (); /* in case of overflow */
return lig_id; return lig_id;
} }

View File

@ -210,6 +210,13 @@ _hb_ctz (unsigned int number)
#endif #endif
} }
static inline bool
_hb_unsigned_int_mul_overflows (unsigned int count, unsigned int size)
{
return (size > 0) && (count >= ((unsigned int) -1) / size);
}
/* Type of bsearch() / qsort() compare function */ /* Type of bsearch() / qsort() compare function */
typedef int (*hb_compare_func_t) (const void *, const void *); typedef int (*hb_compare_func_t) (const void *, const void *);
@ -297,7 +304,7 @@ struct hb_static_array_t {
array = new_array; array = new_array;
} }
} else { } else {
bool overflows = (new_allocated < allocated) || (new_allocated >= ((unsigned int) -1) / sizeof (Type)); bool overflows = (new_allocated < allocated) || _hb_unsigned_int_mul_overflows (new_allocated, sizeof (Type));
if (unlikely (overflows)) if (unlikely (overflows))
new_array = NULL; new_array = NULL;
else else