walkero
/
harfbuzz
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

[kerx] Fix sanitize of KerxSubtableFormat2::array read 

Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=11033
This commit is contained in:
Behdad Esfahbod 2018-10-20 12:09:41 -07:00
parent 00fdbca4f6
commit 68b7050768
1 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
src/hb-aat-layout-kerx-table.hh
View File

@ -103,7 +103,8 @@ struct KerxSubTableFormat0
inline bool sanitize (hb_sanitize_context_t *c) const
{
TRACE_SANITIZE (this);
return_trace (likely (pairs.sanitize (c)));
return_trace (likely (c->check_struct (this) &&
pairs.sanitize (c)));
}
protected:
@ -275,7 +276,7 @@ struct KerxSubTableFormat2
inline bool sanitize (hb_sanitize_context_t *c) const
{
TRACE_SANITIZE (this);
return_trace (likely (rowWidth.sanitize (c) &&
return_trace (likely (c->check_struct (this) &&
leftClassTable.sanitize (c, this) &&
rightClassTable.sanitize (c, this) &&
c->check_range (this, array)));