Fix assertion on address overflow
Fixes https://bugs.chromium.org/p/chromium/issues/detail?id=917031
parent
7a6686a589
commit
480406cd3e
|
@ -269,9 +269,10 @@ struct hb_sanitize_context_t :
|
||||||
|
|
||||||
const char *obj_start = (const char *) obj;
|
const char *obj_start = (const char *) obj;
|
||||||
const char *obj_end = (const char *) obj + obj->get_size ();
|
const char *obj_end = (const char *) obj + obj->get_size ();
|
||||||
assert (obj_start <= obj_end); /* Must not overflow. */
|
|
||||||
|
|
||||||
if (unlikely (obj_end < this->start || this->end < obj_start))
|
if (unlikely (obj_end < obj_start /* Overflow. */ ||
|
||||||
|
obj_end < this->start ||
|
||||||
|
this->end < obj_start))
|
||||||
this->start = this->end = nullptr;
|
this->start = this->end = nullptr;
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
|
|
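Review bot: The added `obj_end < obj_start /* Overflow. */` test runs only after `(const char *) obj + obj->get_size ()` has already been evaluated, and pointer arithmetic that leaves the underlying buffer is undefined behaviour, so an optimising compiler may assume the sum never wraps and drop the comparison. Turning the assert into a runtime rejection is the right direction for a sanitizer that sees untrusted input, but the wrap is more reliably caught in integer arithmetic before the end pointer is formed, for example `uintptr_t s = (uintptr_t) obj_start;` followed by `if (unlikely (s + obj->get_size () < s || ...))`. `obj->get_size ()` also reads through `obj` before any range check visible here; whether `obj` was already validated against `this->start`/`this->end` cannot be seen, since the enclosing function starts and its else branch continues outside the hunk. A short comment stating that `get_size ()` is attacker-influenced would help make the reason for the check clear to later readers.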