Add _hb_unsigned_int_mul_overflows
parent
1d39d6e42b
commit
080a0eb7d8
|
@ -77,19 +77,16 @@ _hb_buffer_enlarge (hb_buffer_t *buffer, unsigned int size)
|
|||
unsigned int new_allocated = buffer->allocated;
|
||||
hb_glyph_position_t *new_pos = NULL;
|
||||
hb_glyph_info_t *new_info = NULL;
|
||||
bool overflows = FALSE;
|
||||
bool separate_out = buffer->out_info != buffer->info;
|
||||
|
||||
overflows = size >= ((unsigned int) -1) / sizeof (buffer->info[0]);
|
||||
if (unlikely (overflows))
|
||||
if (unlikely (_hb_unsigned_int_mul_overflows (size, sizeof (buffer->info[0]))))
|
||||
goto done;
|
||||
|
||||
while (size > new_allocated)
|
||||
new_allocated += (new_allocated >> 1) + 32;
|
||||
|
||||
ASSERT_STATIC (sizeof (buffer->info[0]) == sizeof (buffer->pos[0]));
|
||||
overflows = new_allocated >= ((unsigned int) -1) / sizeof (buffer->info[0]);
|
||||
if (unlikely (overflows))
|
||||
if (unlikely (_hb_unsigned_int_mul_overflows (new_allocated, sizeof (buffer->info[0]))))
|
||||
goto done;
|
||||
|
||||
new_pos = (hb_glyph_position_t *) realloc (buffer->pos, new_allocated * sizeof (buffer->pos[0]));
|
||||
|
|
|
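Review bot: The growth loop `new_allocated += (new_allocated >> 1) + 32` has no wrap check of its own; it is safe only because the first `_hb_unsigned_int_mul_overflows (size, ...)` guard has already bounded `size`, and nothing in the hunk says so. I would add a comment above the loop, `/* size passed the overflow guard above, so the 1.5x growth cannot wrap before the second guard runs */`, so that a later edit does not drop the first check as redundant. This reasoning assumes the element size is at least two bytes, which the hunk does not show. `_hb_buffer_enlarge` starts and ends outside the hunk, so the `done` path is not covered here.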
@ -231,7 +231,7 @@ struct hb_sanitize_context_t
|
|||
inline bool check_array (const void *base, unsigned int record_size, unsigned int len) const
|
||||
{
|
||||
const char *p = (const char *) base;
|
||||
bool overflows = record_size > 0 && len >= ((unsigned int) -1) / record_size;
|
||||
bool overflows = _hb_unsigned_int_mul_overflows (len, record_size);
|
||||
|
||||
(void) (HB_DEBUG_SANITIZE && (int) this->debug_depth < (int) HB_DEBUG_SANITIZE &&
|
||||
fprintf (stderr, "SANITIZE(%p) %-*d-> array [%p..%p] (%d*%d=%ld bytes) in [%p..%p] -> %s\n",
|
||||
|
|
|
@ -409,7 +409,7 @@ struct Ligature
|
|||
|
||||
inline uint16_t allocate_lig_id (hb_buffer_t *buffer) const {
|
||||
uint16_t lig_id = buffer->next_serial ();
|
||||
if (unlikely (!lig_id)) lig_id = buffer->next_serial (); /* in case of overflows */
|
||||
if (unlikely (!lig_id)) lig_id = buffer->next_serial (); /* in case of overflow */
|
||||
return lig_id;
|
||||
}
|
||||
|
||||
|
|
|
@ -210,6 +210,13 @@ _hb_ctz (unsigned int number)
|
|||
#endif
|
||||
}
|
||||
|
||||
static inline bool
|
||||
_hb_unsigned_int_mul_overflows (unsigned int count, unsigned int size)
|
||||
{
|
||||
return (size > 0) && (count >= ((unsigned int) -1) / size);
|
||||
}
|
||||
|
||||
|
||||
/* Type of bsearch() / qsort() compare function */
|
||||
typedef int (*hb_compare_func_t) (const void *, const void *);
|
||||
|
||||
|
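Review bot: `_hb_unsigned_int_mul_overflows` has no comment, and its `>=` comparison is conservative: it returns true for every product that overflows, and also for the boundary case `count == UINT_MAX / size`, where the product still fits. The callers in this commit pass `sizeof (...)`, a `size_t`, which is converted to `unsigned int` at the call; that is harmless for small element sizes but worth stating, since this helper now guards several allocation paths. I would add above the definition `/* Returns true if count * size may not fit in unsigned int; conservative (also rejects the boundary value). size is expected to be a small sizeof(). */`.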
@ -297,7 +304,7 @@ struct hb_static_array_t {
|
|||
array = new_array;
|
||||
}
|
||||
} else {
|
||||
bool overflows = (new_allocated < allocated) || (new_allocated >= ((unsigned int) -1) / sizeof (Type));
|
||||
bool overflows = (new_allocated < allocated) || _hb_unsigned_int_mul_overflows (new_allocated, sizeof (Type));
|
||||
if (unlikely (overflows))
|
||||
new_array = NULL;
|
||||
else
|
||||
|
|