[GSUB/GPOS] Check array size before accessing digests
This commit is contained in:
Behdad Esfahbod
parent
22148b8c4a
commit
6f76113755
|
|
@ -170,6 +170,9 @@ struct hb_ot_layout_t
|
|||
const struct GSUB *gsub;
|
||||
const struct GPOS *gpos;
|
||||
|
||||
unsigned int gsub_lookup_count;
|
||||
unsigned int gpos_lookup_count;
|
||||
|
||||
hb_set_digest_t *gsub_digests;
|
||||
hb_set_digest_t *gpos_digests;
|
||||
};
|
||||
|
|
|
|||
|
|
@ -58,22 +58,22 @@ _hb_ot_layout_create (hb_face_t *face)
|
|||
layout->gpos_blob = Sanitizer<GPOS>::sanitize (hb_face_reference_table (face, HB_OT_TAG_GPOS));
|
||||
layout->gpos = Sanitizer<GPOS>::lock_instance (layout->gpos_blob);
|
||||
|
||||
layout->gsub_lookup_count = layout->gsub->get_lookup_count ();
|
||||
layout->gpos_lookup_count = layout->gpos->get_lookup_count ();
|
||||
|
||||
layout->gsub_digests = (hb_set_digest_t *) calloc (layout->gsub->get_lookup_count (), sizeof (hb_set_digest_t));
|
||||
layout->gpos_digests = (hb_set_digest_t *) calloc (layout->gpos->get_lookup_count (), sizeof (hb_set_digest_t));
|
||||
|
||||
if (unlikely ((layout->gsub->get_lookup_count() && !layout->gsub_digests) ||
|
||||
(layout->gpos->get_lookup_count() && !layout->gpos_digests)))
|
||||
if (unlikely ((layout->gsub_lookup_count && !layout->gsub_digests) ||
|
||||
(layout->gpos_lookup_count && !layout->gpos_digests)))
|
||||
{
|
||||
_hb_ot_layout_destroy (layout);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
unsigned int count;
|
||||
count = layout->gsub->get_lookup_count();
|
||||
for (unsigned int i = 0; i < count; i++)
|
||||
for (unsigned int i = 0; i < layout->gsub_lookup_count; i++)
|
||||
layout->gsub->add_coverage (&layout->gsub_digests[i], i);
|
||||
count = layout->gpos->get_lookup_count();
|
||||
for (unsigned int i = 0; i < count; i++)
|
||||
for (unsigned int i = 0; i < layout->gpos_lookup_count; i++)
|
||||
layout->gpos->add_coverage (&layout->gpos_digests[i], i);
|
||||
|
||||
return layout;
|
||||
|
|
@ -405,9 +405,8 @@ hb_ot_layout_would_substitute_lookup (hb_face_t *face,
|
|||
unsigned int glyphs_length,
|
||||
unsigned int lookup_index)
|
||||
{
|
||||
if (unlikely (glyphs_length < 1 || glyphs_length > 2)) return false;
|
||||
hb_would_apply_context_t c (face, glyphs[0], glyphs_length == 2 ? glyphs[1] : -1, NULL);
|
||||
return _get_gsub (face).would_substitute_lookup (&c, lookup_index);
|
||||
if (unlikely (!hb_ot_shaper_face_data_ensure (face))) return false;
|
||||
return hb_ot_layout_would_substitute_lookup_fast (face, glyphs, glyphs_length, lookup_index);
|
||||
}
|
||||
|
||||
hb_bool_t
|
||||
|
|
@ -417,6 +416,7 @@ hb_ot_layout_would_substitute_lookup_fast (hb_face_t *face,
|
|||
unsigned int lookup_index)
|
||||
{
|
||||
if (unlikely (glyphs_length < 1 || glyphs_length > 2)) return false;
|
||||
if (unlikely (lookup_index >= hb_ot_layout_from_face (face)->gsub_lookup_count)) return false;
|
||||
hb_would_apply_context_t c (face, glyphs[0], glyphs_length == 2 ? glyphs[1] : -1, &hb_ot_layout_from_face (face)->gsub_digests[lookup_index]);
|
||||
return hb_ot_layout_from_face (face)->gsub->would_substitute_lookup (&c, lookup_index);
|
||||
}
|
||||
|
|
@ -433,8 +433,8 @@ hb_ot_layout_substitute_lookup (hb_face_t *face,
|
|||
unsigned int lookup_index,
|
||||
hb_mask_t mask)
|
||||
{
|
||||
hb_apply_context_t c (NULL, face, buffer, mask, NULL);
|
||||
return _get_gsub (face).substitute_lookup (&c, lookup_index);
|
||||
if (unlikely (!hb_ot_shaper_face_data_ensure (face))) return false;
|
||||
return hb_ot_layout_substitute_lookup_fast (face, buffer, lookup_index, mask);
|
||||
}
|
||||
|
||||
hb_bool_t
|
||||
|
|
@ -443,6 +443,7 @@ hb_ot_layout_substitute_lookup_fast (hb_face_t *face,
|
|||
unsigned int lookup_index,
|
||||
hb_mask_t mask)
|
||||
{
|
||||
if (unlikely (lookup_index >= hb_ot_layout_from_face (face)->gsub_lookup_count)) return false;
|
||||
hb_apply_context_t c (NULL, face, buffer, mask, &hb_ot_layout_from_face (face)->gsub_digests[lookup_index]);
|
||||
return hb_ot_layout_from_face (face)->gsub->substitute_lookup (&c, lookup_index);
|
||||
}
|
||||
|
|
@ -484,8 +485,8 @@ hb_ot_layout_position_lookup (hb_font_t *font,
|
|||
unsigned int lookup_index,
|
||||
hb_mask_t mask)
|
||||
{
|
||||
hb_apply_context_t c (font, font->face, buffer, mask, NULL);
|
||||
return _get_gpos (font->face).position_lookup (&c, lookup_index);
|
||||
if (unlikely (!hb_ot_shaper_face_data_ensure (font->face))) return false;
|
||||
return hb_ot_layout_position_lookup_fast (font, buffer, lookup_index, mask);
|
||||
}
|
||||
|
||||
hb_bool_t
|
||||
|
|
@ -494,6 +495,7 @@ hb_ot_layout_position_lookup_fast (hb_font_t *font,
|
|||
unsigned int lookup_index,
|
||||
hb_mask_t mask)
|
||||
{
|
||||
if (unlikely (lookup_index >= hb_ot_layout_from_face (font->face)->gpos_lookup_count)) return false;
|
||||
hb_apply_context_t c (font, font->face, buffer, mask, &hb_ot_layout_from_face (font->face)->gpos_digests[lookup_index]);
|
||||
return hb_ot_layout_from_face (font->face)->gpos->position_lookup (&c, lookup_index);
|
||||
}
|
||||
|
|
@ -503,5 +505,3 @@ hb_ot_layout_position_finish (hb_font_t *font, hb_buffer_t *buffer, hb_bool_t ze
|
|||
{
|
||||
GPOS::position_finish (font, buffer, zero_width_attached_marks);
|
||||
}
|
||||
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue