Allow zero length ranges in sanitization (#1617)

Fixes fvar table sanitization where there are no named instance by allowing zero length ranges starting from Null() address. Fixes #1607
2019-03-14 16:49:42 -07:00 · 2019-03-14 16:49:42 -07:00 · 5bbe78a0f3
parent ee8719eaaf
commit 5bbe78a0f3
3 changed files with 25 additions and 14 deletions
--- a/src/hb-machinery.hh
+++ b/src/hb-machinery.hh
@ -326,27 +326,29 @@ struct hb_sanitize_context_t :
  }

  bool check_range (const void *base,
-			   unsigned int len) const
+		    unsigned int len) const
  {
    const char *p = (const char *) base;
-    bool ok = this->start <= p &&
-	      p <= this->end &&
-	      (unsigned int) (this->end - p) >= len &&
-	      this->max_ops-- > 0;
+    bool ok = !len ||
+	      (this->start <= p &&
+	       p <= this->end &&
+	       (unsigned int) (this->end - p) >= len &&
+	       this->max_ops-- > 0);

    DEBUG_MSG_LEVEL (SANITIZE, p, this->debug_depth+1, 0,
-       "check_range [%p..%p] (%d bytes) in [%p..%p] -> %s",
-       p, p + len, len,
-       this->start, this->end,
-       ok ? "OK" : "OUT-OF-RANGE");
+		     "check_range [%p..%p]"
+		     " (%d bytes) in [%p..%p] -> %s",
+		     p, p + len, len,
+		     this->start, this->end,
+		     ok ? "OK" : "OUT-OF-RANGE");

    return likely (ok);
  }

  template <typename T>
  bool check_range (const T *base,
-			   unsigned int a,
-			   unsigned int b) const
+		    unsigned int a,
+		    unsigned int b) const
  {
    return !hb_unsigned_mul_overflows (a, b) &&
 	   this->check_range (base, a * b);
@ -354,9 +356,9 @@ struct hb_sanitize_context_t :

  template <typename T>
  bool check_range (const T *base,
-			   unsigned int a,
-			   unsigned int b,
-			   unsigned int c) const
+		    unsigned int a,
+		    unsigned int b,
+		    unsigned int c) const
  {
    return !hb_unsigned_mul_overflows (a, b) &&
 	   this->check_range (base, a * b, c);
--- a/test/api/fonts/Zycon.ttf
+++ b/test/api/fonts/Zycon.ttf
--- a/test/api/test-ot-face.c
+++ b/test/api/test-ot-face.c
@ -110,12 +110,21 @@ test_ot_face_empty (void)
  test_face (hb_face_get_empty (), 0);
 }

+static void
+test_ot_var_axis_on_zero_named_instance ()
+{
+  hb_face_t *face = hb_test_open_font_file ("fonts/Zycon.ttf");
+  g_assert (hb_ot_var_get_axis_count (face));
+  hb_face_destroy (face);
+}
+
 int
 main (int argc, char **argv)
 {
  hb_test_init (&argc, &argv);

  hb_test_add (test_ot_face_empty);
+  hb_test_add (test_ot_var_axis_on_zero_named_instance);

  return hb_test_run();
 }