From 5769538abfe153c503da4801649493e57a9854c2 Mon Sep 17 00:00:00 2001
From: Behdad Esfahbod <behdad@behdad.org>
Date: Fri, 14 Aug 2009 16:12:22 -0400
Subject: [PATCH] [HB] Add note about auditing sanitize code for overflows

---
 src/TODO                         | 1 +
 src/hb-ot-layout-gpos-private.hh | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/TODO b/src/TODO
index d2b067d55..54560aa87 100644
--- a/src/TODO
+++ b/src/TODO
@@ -3,3 +3,4 @@
 - cmap14 support in get_glyph callback
 - size_t?
 - Figure out compiler selection (add test for link to libstdc++)
+- Audit sanitize for int overflows
diff --git a/src/hb-ot-layout-gpos-private.hh b/src/hb-ot-layout-gpos-private.hh
index e357b01c8..6b20716d0 100644
--- a/src/hb-ot-layout-gpos-private.hh
+++ b/src/hb-ot-layout-gpos-private.hh
@@ -565,7 +565,7 @@ struct PairPosFormat2
 	   SANITIZE_THIS2 (classDef1, classDef2) &&
 	   SANITIZE_MEM (values,
 			 (valueFormat1.get_size () + valueFormat2.get_size ()) *
-			 class1Count * class2Count);
+			 class1Count * class2Count); /* XXX overflow (in other places too) */
   }
 
   private: