[cff-common] No need to check max-offset in INDEX
The length_at() function makes sure out-of-range offsets are discarded. We just need to check the last offset.
This commit is contained in:
parent
b051f3fa83
commit
335b1d83cf
|
@ -279,21 +279,10 @@ struct CFFIndex
|
||||||
TRACE_SANITIZE (this);
|
TRACE_SANITIZE (this);
|
||||||
return_trace (likely (c->check_struct (this) &&
|
return_trace (likely (c->check_struct (this) &&
|
||||||
(count == 0 || /* empty INDEX */
|
(count == 0 || /* empty INDEX */
|
||||||
(c->check_struct (&offSize) && offSize >= 1 && offSize <= 4 &&
|
(count < count + 1u &&
|
||||||
c->check_array (offsets, offSize, count + 1) &&
|
c->check_struct (&offSize) && offSize >= 1 && offSize <= 4 &&
|
||||||
c->check_array ((const HBUINT8*) data_base (), 1, max_offset () - 1)))));
|
c->check_array (offsets, offSize, count + 1u) &&
|
||||||
}
|
c->check_array ((const HBUINT8*) data_base (), 1, offset_at (count) - 1)))));
|
||||||
|
|
||||||
protected:
|
|
||||||
unsigned int max_offset () const
|
|
||||||
{
|
|
||||||
unsigned int max = 0;
|
|
||||||
for (unsigned int i = 0; i < count + 1u; i++)
|
|
||||||
{
|
|
||||||
unsigned int off = offset_at (i);
|
|
||||||
if (off > max) max = off;
|
|
||||||
}
|
|
||||||
return max;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
public:
|
public:
|
||||||
|
|
Loading…
Reference in New Issue