Allow zero length ranges in sanitization (#1617)
Fixes fvar table sanitization where there are no named instance by allowing zero length ranges starting from Null() address. Fixes #1607
This commit is contained in:
Ebrahim Byagowi
Michiharu Ariza
parent
ee8719eaaf
commit
5bbe78a0f3
|
|
@ -326,27 +326,29 @@ struct hb_sanitize_context_t :
|
||||||
}
|
}
|
||||||
|
|
||||||
bool check_range (const void *base,
|
bool check_range (const void *base,
|
||||||
unsigned int len) const
|
unsigned int len) const
|
||||||
{
|
{
|
||||||
const char *p = (const char *) base;
|
const char *p = (const char *) base;
|
||||||
bool ok = this->start <= p &&
|
bool ok = !len ||
|
||||||
p <= this->end &&
|
(this->start <= p &&
|
||||||
(unsigned int) (this->end - p) >= len &&
|
p <= this->end &&
|
||||||
this->max_ops-- > 0;
|
(unsigned int) (this->end - p) >= len &&
|
||||||
|
this->max_ops-- > 0);
|
||||||
|
|
||||||
DEBUG_MSG_LEVEL (SANITIZE, p, this->debug_depth+1, 0,
|
DEBUG_MSG_LEVEL (SANITIZE, p, this->debug_depth+1, 0,
|
||||||
"check_range [%p..%p] (%d bytes) in [%p..%p] -> %s",
|
"check_range [%p..%p]"
|
||||||
p, p + len, len,
|
" (%d bytes) in [%p..%p] -> %s",
|
||||||
this->start, this->end,
|
p, p + len, len,
|
||||||
ok ? "OK" : "OUT-OF-RANGE");
|
this->start, this->end,
|
||||||
|
ok ? "OK" : "OUT-OF-RANGE");
|
||||||
|
|
||||||
return likely (ok);
|
return likely (ok);
|
||||||
}
|
}
|
||||||
|
|
||||||
template <typename T>
|
template <typename T>
|
||||||
bool check_range (const T *base,
|
bool check_range (const T *base,
|
||||||
unsigned int a,
|
unsigned int a,
|
||||||
unsigned int b) const
|
unsigned int b) const
|
||||||
{
|
{
|
||||||
return !hb_unsigned_mul_overflows (a, b) &&
|
return !hb_unsigned_mul_overflows (a, b) &&
|
||||||
this->check_range (base, a * b);
|
this->check_range (base, a * b);
|
||||||
|
|
@ -354,9 +356,9 @@ struct hb_sanitize_context_t :
|
||||||
|
|
||||||
template <typename T>
|
template <typename T>
|
||||||
bool check_range (const T *base,
|
bool check_range (const T *base,
|
||||||
unsigned int a,
|
unsigned int a,
|
||||||
unsigned int b,
|
unsigned int b,
|
||||||
unsigned int c) const
|
unsigned int c) const
|
||||||
{
|
{
|
||||||
return !hb_unsigned_mul_overflows (a, b) &&
|
return !hb_unsigned_mul_overflows (a, b) &&
|
||||||
this->check_range (base, a * b, c);
|
this->check_range (base, a * b, c);
|
||||||
|
|
|
||||||
Binary file not shown.
|
|
@ -110,12 +110,21 @@ test_ot_face_empty (void)
|
||||||
test_face (hb_face_get_empty (), 0);
|
test_face (hb_face_get_empty (), 0);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static void
|
||||||
|
test_ot_var_axis_on_zero_named_instance ()
|
||||||
|
{
|
||||||
|
hb_face_t *face = hb_test_open_font_file ("fonts/Zycon.ttf");
|
||||||
|
g_assert (hb_ot_var_get_axis_count (face));
|
||||||
|
hb_face_destroy (face);
|
||||||
|
}
|
||||||
|
|
||||||
int
|
int
|
||||||
main (int argc, char **argv)
|
main (int argc, char **argv)
|
||||||
{
|
{
|
||||||
hb_test_init (&argc, &argv);
|
hb_test_init (&argc, &argv);
|
||||||
|
|
||||||
hb_test_add (test_ot_face_empty);
|
hb_test_add (test_ot_face_empty);
|
||||||
|
hb_test_add (test_ot_var_axis_on_zero_named_instance);
|
||||||
|
|
||||||
return hb_test_run();
|
return hb_test_run();
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue