Add _hb_unsigned_int_mul_overflows
This commit is contained in:
parent
1d39d6e42b
commit
080a0eb7d8
|
@ -77,19 +77,16 @@ _hb_buffer_enlarge (hb_buffer_t *buffer, unsigned int size)
|
||||||
unsigned int new_allocated = buffer->allocated;
|
unsigned int new_allocated = buffer->allocated;
|
||||||
hb_glyph_position_t *new_pos = NULL;
|
hb_glyph_position_t *new_pos = NULL;
|
||||||
hb_glyph_info_t *new_info = NULL;
|
hb_glyph_info_t *new_info = NULL;
|
||||||
bool overflows = FALSE;
|
|
||||||
bool separate_out = buffer->out_info != buffer->info;
|
bool separate_out = buffer->out_info != buffer->info;
|
||||||
|
|
||||||
overflows = size >= ((unsigned int) -1) / sizeof (buffer->info[0]);
|
if (unlikely (_hb_unsigned_int_mul_overflows (size, sizeof (buffer->info[0]))))
|
||||||
if (unlikely (overflows))
|
|
||||||
goto done;
|
goto done;
|
||||||
|
|
||||||
while (size > new_allocated)
|
while (size > new_allocated)
|
||||||
new_allocated += (new_allocated >> 1) + 32;
|
new_allocated += (new_allocated >> 1) + 32;
|
||||||
|
|
||||||
ASSERT_STATIC (sizeof (buffer->info[0]) == sizeof (buffer->pos[0]));
|
ASSERT_STATIC (sizeof (buffer->info[0]) == sizeof (buffer->pos[0]));
|
||||||
overflows = new_allocated >= ((unsigned int) -1) / sizeof (buffer->info[0]);
|
if (unlikely (_hb_unsigned_int_mul_overflows (new_allocated, sizeof (buffer->info[0]))))
|
||||||
if (unlikely (overflows))
|
|
||||||
goto done;
|
goto done;
|
||||||
|
|
||||||
new_pos = (hb_glyph_position_t *) realloc (buffer->pos, new_allocated * sizeof (buffer->pos[0]));
|
new_pos = (hb_glyph_position_t *) realloc (buffer->pos, new_allocated * sizeof (buffer->pos[0]));
|
||||||
|
|
|
@ -231,7 +231,7 @@ struct hb_sanitize_context_t
|
||||||
inline bool check_array (const void *base, unsigned int record_size, unsigned int len) const
|
inline bool check_array (const void *base, unsigned int record_size, unsigned int len) const
|
||||||
{
|
{
|
||||||
const char *p = (const char *) base;
|
const char *p = (const char *) base;
|
||||||
bool overflows = record_size > 0 && len >= ((unsigned int) -1) / record_size;
|
bool overflows = _hb_unsigned_int_mul_overflows (len, record_size);
|
||||||
|
|
||||||
(void) (HB_DEBUG_SANITIZE && (int) this->debug_depth < (int) HB_DEBUG_SANITIZE &&
|
(void) (HB_DEBUG_SANITIZE && (int) this->debug_depth < (int) HB_DEBUG_SANITIZE &&
|
||||||
fprintf (stderr, "SANITIZE(%p) %-*d-> array [%p..%p] (%d*%d=%ld bytes) in [%p..%p] -> %s\n",
|
fprintf (stderr, "SANITIZE(%p) %-*d-> array [%p..%p] (%d*%d=%ld bytes) in [%p..%p] -> %s\n",
|
||||||
|
|
|
@ -409,7 +409,7 @@ struct Ligature
|
||||||
|
|
||||||
inline uint16_t allocate_lig_id (hb_buffer_t *buffer) const {
|
inline uint16_t allocate_lig_id (hb_buffer_t *buffer) const {
|
||||||
uint16_t lig_id = buffer->next_serial ();
|
uint16_t lig_id = buffer->next_serial ();
|
||||||
if (unlikely (!lig_id)) lig_id = buffer->next_serial (); /* in case of overflows */
|
if (unlikely (!lig_id)) lig_id = buffer->next_serial (); /* in case of overflow */
|
||||||
return lig_id;
|
return lig_id;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -210,6 +210,13 @@ _hb_ctz (unsigned int number)
|
||||||
#endif
|
#endif
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static inline bool
|
||||||
|
_hb_unsigned_int_mul_overflows (unsigned int count, unsigned int size)
|
||||||
|
{
|
||||||
|
return (size > 0) && (count >= ((unsigned int) -1) / size);
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
/* Type of bsearch() / qsort() compare function */
|
/* Type of bsearch() / qsort() compare function */
|
||||||
typedef int (*hb_compare_func_t) (const void *, const void *);
|
typedef int (*hb_compare_func_t) (const void *, const void *);
|
||||||
|
|
||||||
|
@ -297,7 +304,7 @@ struct hb_static_array_t {
|
||||||
array = new_array;
|
array = new_array;
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
bool overflows = (new_allocated < allocated) || (new_allocated >= ((unsigned int) -1) / sizeof (Type));
|
bool overflows = (new_allocated < allocated) || _hb_unsigned_int_mul_overflows (new_allocated, sizeof (Type));
|
||||||
if (unlikely (overflows))
|
if (unlikely (overflows))
|
||||||
new_array = NULL;
|
new_array = NULL;
|
||||||
else
|
else
|
||||||
|
|
Loading…
Reference in New Issue