[aat] Fix sanitize slowdown

Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=11034
This commit is contained in:
Behdad Esfahbod 2018-10-17 22:34:16 -07:00
parent b9478e28ac
commit 83780308b4
2 changed files with 5 additions and 1 deletions


@ -422,6 +422,8 @@ struct StateTable
num_states, num_states,
num_classes * states[0].static_size))) num_classes * states[0].static_size)))
return_trace (false); return_trace (false);
if ((c->max_ops -= num_states - state) < 0)
return_trace (false);
{ /* Sweep new states. */ { /* Sweep new states. */
const HBUINT16 *stop = &states[num_states * num_classes]; const HBUINT16 *stop = &states[num_states * num_classes];
for (const HBUINT16 *p = &states[state * num_classes]; p < stop; p++) for (const HBUINT16 *p = &states[state * num_classes]; p < stop; p++)
@ -431,6 +433,8 @@ struct StateTable
if (unlikely (!c->check_array (entries, num_entries))) if (unlikely (!c->check_array (entries, num_entries)))
return_trace (false); return_trace (false);
if ((c->max_ops -= num_entries - entry) < 0)
return_trace (false);
{ /* Sweep new entries. */ { /* Sweep new entries. */
const Entry<Extra> *stop = &entries[num_entries]; const Entry<Extra> *stop = &entries[num_entries];
for (const Entry<Extra> *p = &entries[entry]; p < stop; p++) for (const Entry<Extra> *p = &entries[entry]; p < stop; p++)
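Review bot: The budget decrement in the first hunk, `c->max_ops -= num_states - state`, charges one op per state row, but the sweep loop directly below it runs from `&states[state * num_classes]` to `&states[num_states * num_classes]`, i.e. `(num_states - state) * num_classes` iterations, so a table with few states and many classes is charged only a fraction of the work it actually costs, while the second hunk's `num_entries - entry` matches its loop one-for-one and the two charges therefore use different units. If max_ops is meant to bound real work, `if ((c->max_ops -= (num_states - state) * num_classes) < 0)` would match the loop, and the product should already be bounded by the array that the check_array call just above validated. If per-row charging is intentional, a short comment such as `/* Charge one op per swept state row, not per cell. */` would keep the next reader from "fixing" it. The types of state and num_states are not visible here; if they are unsigned, the compound assignment into an int max_ops goes through unsigned arithmetic before the `< 0` test, which is worth a glance. The enclosing sanitize method starts and ends outside both hunks.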


@ -443,10 +443,10 @@ struct hb_sanitize_context_t :
mutable unsigned int debug_depth; mutable unsigned int debug_depth;
const char *start, *end; const char *start, *end;
mutable int max_ops;
private: private:
bool writable; bool writable;
unsigned int edit_count; unsigned int edit_count;
mutable int max_ops;
hb_blob_t *blob; hb_blob_t *blob;
unsigned int num_glyphs; unsigned int num_glyphs;
bool num_glyphs_set; bool num_glyphs_set;