[aat] Fix offsetToIndex math for out-of-bounds values

Previously, some bad font data was accidentally being interpreted as
legit if it happened to not fall out of memory bounds. The intention
of the code was what this commit does.  I'm surprised we weren't getting
an "arithmetic between signed and unsigned values" warning / error
before.
Behdad Esfahbod 2021-03-22 15:22:15 -07:00
parent c5d6bdb4bf
commit 29708e959a
1 changed files with 2 additions and 1 deletions

@ -678,7 +678,8 @@ struct ObsoleteTypes
const void *base, const void *base,
const T *array) const T *array)
{ {
return (offset - ((const char *) array - (const char *) base)) / T::static_size; /* https://github.com/harfbuzz/harfbuzz/issues/2816 */
return (offset - unsigned ((const char *) array - (const char *) base)) / T::static_size;
} }
template <typename T> template <typename T>
static unsigned int byteOffsetToIndex (unsigned int offset, static unsigned int byteOffsetToIndex (unsigned int offset,