walkero
/
harfbuzz
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Clean up buffer area when rewinding 

Fixes https://bugs.chromium.org/p/chromium/issues/detail?id=614647
If allocation fails, we might be leaving junk behind.  At least
clear it up.
This commit is contained in:
Behdad Esfahbod 2016-07-20 01:43:56 -07:00
parent f80c34eb55
commit 6363d7df28
1 changed files with 8 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
src/hb-buffer.cc
View File

@ -183,6 +183,12 @@ hb_buffer_t::shift_forward (unsigned int count)
if (unlikely (!ensure (len + count))) return false; if (unlikely (!ensure (len + count))) return false;
memmove (info + idx + count, info + idx, (len - idx) * sizeof (info[0])); memmove (info + idx + count, info + idx, (len - idx) * sizeof (info[0]));
if (idx + count > len)
{
/* Under memory failure we might expose this area. At least
* clean it up. Oh well... */
memset (info + len, 0, (idx + count - len) * sizeof (info[0]));
}
len += count; len += count;
idx += count; idx += count;
@ -426,6 +432,8 @@ hb_buffer_t::move_to (unsigned int i)
/* Tricky part: rewinding... */ /* Tricky part: rewinding... */
unsigned int count = out_len - i; unsigned int count = out_len - i;
/* This will blow in our face if memory allocation fails later
* in this same lookup... */
if (unlikely (idx < count && !shift_forward (count + 32))) return false; if (unlikely (idx < count && !shift_forward (count + 32))) return false;
assert (idx >= count); assert (idx >= count);