Fix assertion on address overflow

Fixes https://bugs.chromium.org/p/chromium/issues/detail?id=917031
2019-01-14 15:27:34 -05:00 · 2019-01-14 15:27:34 -05:00 · 480406cd3e
parent 7a6686a589
commit 480406cd3e
1 changed files with 3 additions and 2 deletions
--- a/src/hb-machinery.hh
+++ b/src/hb-machinery.hh
@ -269,9 +269,10 @@ struct hb_sanitize_context_t :

    const char *obj_start = (const char *) obj;
    const char *obj_end = (const char *) obj + obj->get_size ();
-    assert (obj_start <= obj_end); /* Must not overflow. */

-    if (unlikely (obj_end < this->start || this->end < obj_start))
+    if (unlikely (obj_end < obj_start /* Overflow. */ ||
+		  obj_end < this->start ||
+		  this->end < obj_start))
      this->start = this->end = nullptr;
    else
    {