From 88e0dd02cb728ba91e96298d6346cdabe18a95ab Mon Sep 17 00:00:00 2001 From: Garret Rieger Date: Thu, 4 Aug 2022 01:03:07 +0000 Subject: [PATCH] [repacker] add sanitization for PairPosFormat2. --- src/graph/pairpos-graph.hh | 20 +++++++++++++++----- 1 file changed, 15 insertions(+), 5 deletions(-) diff --git a/src/graph/pairpos-graph.hh b/src/graph/pairpos-graph.hh index 1099c8859..aa504e0e1 100644 --- a/src/graph/pairpos-graph.hh +++ b/src/graph/pairpos-graph.hh @@ -201,13 +201,17 @@ struct PairPosFormat2 : public OT::Layout::GPOS_impl::PairPosFormat2_4::min_size; + if (vertex_len < min_size) return false; + + const unsigned class1_count = class1Count; + return vertex_len >= + min_size + class1_count * get_class1_record_size (); } hb_vector_t split_subtables (gsubgpos_graph_context_t& c, unsigned this_index) { - // TODO(garretrieger): sanitization. const unsigned base_size = OT::Layout::GPOS_impl::PairPosFormat2_4::min_size + size_of (c, this_index, &coverage) + size_of (c, this_index, &classDef1) @@ -215,8 +219,7 @@ struct PairPosFormat2 : public OT::Layout::GPOS_impl::PairPosFormat2_4& format2_device_table_indices; }; + size_t get_class1_record_size () const + { + const size_t class2_count = class2Count; + return + class2_count * (valueFormat1.get_size () + valueFormat2.get_size ()); + } + hb_vector_t do_split (split_context& split_context, const hb_vector_t& split_points) {
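Review bot: The new length bound in `sanitize`, `min_size + class1_count * get_class1_record_size ()`, is evaluated in `size_t`, so on a target where `size_t` is 32 bits the product can wrap and an undersized vertex would pass the check. Both counts are read from the table being sanitized. If they are 16-bit fields, as the names suggest, class1Count times class2Count times the per-record size can exceed 2^32. Widening at the call site keeps the comparison exact, since `get_class1_record_size ()` in the last hunk returns `size_t`: `return (uint64_t) vertex_len >= (uint64_t) min_size + (uint64_t) class1_count * get_class1_record_size ();`. The start of `sanitize` is not visible in this hunk, so the types of `vertex_len` and `min_size` are assumed here.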