Mozilla bug 580233 - check for zero-length record in hb sanitizer.

Patch / report by Jonathan Kew.
This commit is contained in:
Behdad Esfahbod 2010-07-21 16:37:01 -04:00
parent 17e9ff938b
commit 4f801bd658
1 changed files with 1 additions and 1 deletions

View File

@ -229,7 +229,7 @@ struct hb_sanitize_context_t
inline bool check_array (const void *base, unsigned int record_size, unsigned int len) const
{
const char *p = (const char *) base;
bool overflows = len >= ((unsigned int) -1) / record_size;
bool overflows = record_size > 0 && len >= ((unsigned int) -1) / record_size;
if (HB_DEBUG_SANITIZE && (int) this->debug_depth < (int) HB_DEBUG_SANITIZE)
fprintf (stderr, "SANITIZE(%p) %-*d-> array [%p..%p] (%d*%d=%ld bytes) in [%p..%p] -> %s\n", \