From 915b9ea5f48d56df21419761477b2d4ba2843b54 Mon Sep 17 00:00:00 2001
From: Behdad Esfahbod <behdad@behdad.org>
Date: Wed, 24 Apr 2019 10:07:19 -0400
Subject: [PATCH] [serialize] Add c->check_assign()

To check for assignment overflows.
---
 src/hb-open-type.hh            |  7 +++----
 src/hb-ot-layout-gsub-table.hh |  2 +-
 src/hb-serialize.hh            | 20 +++++++++++++-------
 3 files changed, 17 insertions(+), 12 deletions(-)

diff --git a/src/hb-open-type.hh b/src/hb-open-type.hh
index d8cd3edb2..b232fdbc1 100644
--- a/src/hb-open-type.hh
+++ b/src/hb-open-type.hh
@@ -182,8 +182,7 @@ struct Offset : Type
   void *serialize (hb_serialize_context_t *c, const void *base)
   {
     void *t = c->start_embed<void> ();
-    unsigned int offset = (char *) t - (char *) base;
-    c->propagate_error ((*this = offset) == offset);
+    c->check_assign (*this, (char *) t - (char *) base);
     return t;
   }
 
@@ -549,7 +548,7 @@ struct ArrayOf
   {
     TRACE_SERIALIZE (this);
     if (unlikely (!c->extend_min (*this))) return_trace (false);
-    c->propagate_error ((len = items_len) == items_len);
+    c->check_assign (len, items_len);
     if (unlikely (!c->extend (*this))) return_trace (false);
     return_trace (true);
   }
@@ -699,7 +698,7 @@ struct HeadlessArrayOf
   {
     TRACE_SERIALIZE (this);
     if (unlikely (!c->extend_min (*this))) return_trace (false);
-    c->propagate_error ((lenP1 = items.length + 1) == items.length + 1);
+    c->check_assign (lenP1, items.length + 1);
     if (unlikely (!c->extend (*this))) return_trace (false);
     for (unsigned int i = 0; i < items.length; i++)
       arrayZ[i] = items[i];
diff --git a/src/hb-ot-layout-gsub-table.hh b/src/hb-ot-layout-gsub-table.hh
index a08f21fb7..8574eb5c8 100644
--- a/src/hb-ot-layout-gsub-table.hh
+++ b/src/hb-ot-layout-gsub-table.hh
@@ -90,7 +90,7 @@ struct SingleSubstFormat1
     TRACE_SERIALIZE (this);
     if (unlikely (!c->extend_min (*this))) return_trace (false);
     if (unlikely (!coverage.serialize (c, this).serialize (c, glyphs))) return_trace (false);
-    c->propagate_error ((deltaGlyphID = delta) == delta);
+    c->check_assign (deltaGlyphID, delta);
     return_trace (true);
   }
 
diff --git a/src/hb-serialize.hh b/src/hb-serialize.hh
index cab444e26..7e2d2f7b9 100644
--- a/src/hb-serialize.hh
+++ b/src/hb-serialize.hh
@@ -120,11 +120,19 @@ struct hb_serialize_context_t
     this->packed.push (nullptr);
   }
 
-  bool propagate_error (bool success)
+  bool check_success (bool success)
   { return this->successful && (success || (err_propagated_error (), false)); }
 
+  template <typename T1, typename T2>
+  bool check_equal (T1 &&v1, T2 &&v2)
+  { return check_success (v1 == v2); }
+
+  template <typename T1, typename T2>
+  bool check_assign (T1 &v1, T2 &&v2)
+  { return check_equal (v1 = v2, v2); }
+
   template <typename T> bool propagate_error (T &&obj)
-  { return propagate_error (!hb_deref_pointer (obj).in_error ()); }
+  { return check_success (!hb_deref_pointer (obj).in_error ()); }
 
   template <typename T1, typename... Ts> bool propagate_error (T1 &&o1, Ts &&...os)
   { return propagate_error (hb_forward<T1> (o1)) &&
@@ -170,7 +178,7 @@ struct hb_serialize_context_t
   {
     object_t *obj = object_pool.alloc ();
     if (unlikely (!obj))
-      propagate_error (false);
+      check_success (false);
     else
     {
       obj->head = head;
@@ -293,15 +301,13 @@ struct hb_serialize_context_t
 	{
 	  auto &off = * ((BEInt<uint32_t, 4> *) (parent.head + link.position));
 	  assert (0 == off);
-	  off = offset;
-	  propagate_error (off == offset);
+	  check_assign (off, offset);
 	}
 	else
 	{
 	  auto &off = * ((BEInt<uint16_t, 2> *) (parent.head + link.position));
 	  assert (0 == off);
-	  off = offset;
-	  propagate_error (off == offset);
+	  check_assign (off, offset);
 	}
       }
     }