Fix possible overflow in bsearch impls
From bungeman. Fixes https://github.com/harfbuzz/harfbuzz/pull/1314
This commit is contained in:
Behdad Esfahbod
parent
94e421abbf
commit
21ede867df
|
|
@ -321,7 +321,7 @@ hb_bsearch_r (const void *key, const void *base,
|
||||||
int min = 0, max = (int) nmemb - 1;
|
int min = 0, max = (int) nmemb - 1;
|
||||||
while (min <= max)
|
while (min <= max)
|
||||||
{
|
{
|
||||||
int mid = (min + max) / 2;
|
int mid = ((unsigned int) min + (unsigned int) max) / 2;
|
||||||
const void *p = (const void *) (((const char *) base) + (mid * size));
|
const void *p = (const void *) (((const char *) base) + (mid * size));
|
||||||
int c = compar (key, p, arg);
|
int c = compar (key, p, arg);
|
||||||
if (c < 0)
|
if (c < 0)
|
||||||
|
|
|
||||||
|
|
@ -702,7 +702,7 @@ struct SortedArrayOf : ArrayOf<Type, LenType>
|
||||||
int min = 0, max = (int) this->len - 1;
|
int min = 0, max = (int) this->len - 1;
|
||||||
while (min <= max)
|
while (min <= max)
|
||||||
{
|
{
|
||||||
int mid = (min + max) / 2;
|
int mid = ((unsigned int) min + (unsigned int) max) / 2;
|
||||||
int c = arr[mid].cmp (x);
|
int c = arr[mid].cmp (x);
|
||||||
if (c < 0)
|
if (c < 0)
|
||||||
max = mid - 1;
|
max = mid - 1;
|
||||||
|
|
@ -825,7 +825,7 @@ struct VarSizedBinSearchArrayOf
|
||||||
int min = 0, max = (int) header.nUnits - 1;
|
int min = 0, max = (int) header.nUnits - 1;
|
||||||
while (min <= max)
|
while (min <= max)
|
||||||
{
|
{
|
||||||
int mid = (min + max) / 2;
|
int mid = ((unsigned int) min + (unsigned int) max) / 2;
|
||||||
const Type *p = (const Type *) (((const char *) &bytesZ) + (mid * size));
|
const Type *p = (const Type *) (((const char *) &bytesZ) + (mid * size));
|
||||||
int c = p->cmp (key);
|
int c = p->cmp (key);
|
||||||
if (c < 0)
|
if (c < 0)
|
||||||
|
|
|
||||||
|
|
@ -249,7 +249,7 @@ struct CmapSubtableFormat4
|
||||||
unsigned int i;
|
unsigned int i;
|
||||||
while (min <= max)
|
while (min <= max)
|
||||||
{
|
{
|
||||||
int mid = (min + max) / 2;
|
int mid = ((unsigned int) min + (unsigned int) max) / 2;
|
||||||
if (codepoint < startCount[mid])
|
if (codepoint < startCount[mid])
|
||||||
max = mid - 1;
|
max = mid - 1;
|
||||||
else if (codepoint > endCount[mid])
|
else if (codepoint > endCount[mid])
|
||||||
|
|
|
||||||
|
|
@ -663,7 +663,7 @@ struct PairSet
|
||||||
int min = 0, max = (int) count - 1;
|
int min = 0, max = (int) count - 1;
|
||||||
while (min <= max)
|
while (min <= max)
|
||||||
{
|
{
|
||||||
int mid = (min + max) / 2;
|
int mid = ((unsigned int) min + (unsigned int) max) / 2;
|
||||||
const PairValueRecord *record = &StructAtOffset<PairValueRecord> (&firstPairValueRecord, record_size * mid);
|
const PairValueRecord *record = &StructAtOffset<PairValueRecord> (&firstPairValueRecord, record_size * mid);
|
||||||
hb_codepoint_t mid_x = record->secondGlyph;
|
hb_codepoint_t mid_x = record->secondGlyph;
|
||||||
if (x < mid_x)
|
if (x < mid_x)
|
||||||
|
|
|
||||||
|
|
@ -232,7 +232,7 @@ struct hb_vector_t
|
||||||
const Type *array = this->arrayZ();
|
const Type *array = this->arrayZ();
|
||||||
while (min <= max)
|
while (min <= max)
|
||||||
{
|
{
|
||||||
int mid = (min + max) / 2;
|
int mid = ((unsigned int) min + (unsigned int) max) / 2;
|
||||||
int c = array[mid].cmp (&x);
|
int c = array[mid].cmp (&x);
|
||||||
if (c < 0)
|
if (c < 0)
|
||||||
max = mid - 1;
|
max = mid - 1;
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue