walkero
/
harfbuzz
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

[kerx] Use sanitizer instead of handcoded runtime sanitization

This commit is contained in:
Behdad Esfahbod 2018-10-13 12:20:33 -04:00
parent 5733113662
commit 6d4b054234
1 changed files with 9 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
src/hb-aat-layout-kerx-table.hh
View File

@ -232,11 +232,9 @@ struct KerxSubTableFormat2
unsigned int l = (this+leftClassTable).get_value_or_null (left, num_glyphs); unsigned int l = (this+leftClassTable).get_value_or_null (left, num_glyphs);
unsigned int r = (this+rightClassTable).get_value_or_null (right, num_glyphs); unsigned int r = (this+rightClassTable).get_value_or_null (right, num_glyphs);
unsigned int offset = l + r; unsigned int offset = l + r;
const FWORD *v = &StructAtOffset<FWORD> (&(this+array), offset); const FWORD v = StructAtOffset<FWORD> (&(this+array), offset);
if (unlikely ((const char *) v < (const char *) &array || if (unlikely (!v.sanitize (&c->sanitizer))) return 0;
(const char *) v - (const char *) this > header.length - v->static_size)) return v;
return 0;
return *v;
} }
inline bool apply (hb_aat_apply_context_t *c) const inline bool apply (hb_aat_apply_context_t *c) const
@ -481,11 +479,9 @@ struct KerxSubTableFormat6
unsigned int offset = l + r; unsigned int offset = l + r;
if (unlikely (offset < l)) return 0; /* Addition overflow. */ if (unlikely (offset < l)) return 0; /* Addition overflow. */
if (unlikely (hb_unsigned_mul_overflows (offset, sizeof (FWORD32)))) return 0; if (unlikely (hb_unsigned_mul_overflows (offset, sizeof (FWORD32)))) return 0;
const FWORD32 *v = &StructAtOffset<FWORD32> (&(this+t.array), offset * sizeof (FWORD32)); const FWORD32 &v = StructAtOffset<FWORD32> (&(this+t.array), offset * sizeof (FWORD32));
if (unlikely ((const char *) v < (const char *) &t.array || if (unlikely (!v.sanitize (&c->sanitizer))) return 0;
(const char *) v - (const char *) this > header.length - v->static_size)) return v;
return 0;
return *v;
} }
else else
{ {
@ -493,11 +489,9 @@ struct KerxSubTableFormat6
unsigned int l = (this+t.rowIndexTable).get_value_or_null (left, num_glyphs); unsigned int l = (this+t.rowIndexTable).get_value_or_null (left, num_glyphs);
unsigned int r = (this+t.columnIndexTable).get_value_or_null (right, num_glyphs); unsigned int r = (this+t.columnIndexTable).get_value_or_null (right, num_glyphs);
unsigned int offset = l + r; unsigned int offset = l + r;
const FWORD *v = &StructAtOffset<FWORD> (&(this+t.array), offset * sizeof (FWORD)); const FWORD &v = StructAtOffset<FWORD> (&(this+t.array), offset * sizeof (FWORD));
if (unlikely ((const char *) v < (const char *) &t.array || if (unlikely (!v.sanitize (&c->sanitizer))) return 0;
(const char *) v - (const char *) this > header.length - v->static_size)) return v;
return 0;
return *v;
} }
} }