[sanitizer] Add reset_object(), make set_object() do bounds-check
Affects morx/kerx run-time only currently. Will adjust their sanitize next.
This commit is contained in:
parent
2c8188bf59
commit
a9fe787a11
|
@ -934,6 +934,7 @@ struct KerxTable
|
|||
st = &StructAfter<SubTable> (*st);
|
||||
c->set_lookup_index (c->lookup_index + 1);
|
||||
}
|
||||
c->sanitizer.reset_object ();
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
|
|
@ -1041,6 +1041,7 @@ struct Chain
|
|||
subtable = &StructAfter<ChainSubtable<Types> > (*subtable);
|
||||
c->set_lookup_index (c->lookup_index + 1);
|
||||
}
|
||||
c->sanitizer.reset_object ();
|
||||
}
|
||||
|
||||
inline unsigned int get_size (void) const { return length; }
|
||||
|
|
|
@ -259,26 +259,34 @@ struct hb_sanitize_context_t :
|
|||
|
||||
inline void set_max_ops (int max_ops_) { max_ops = max_ops_; }
|
||||
|
||||
/* TODO
|
||||
* This set_object() thing is to use sanitize at runtime lookup
|
||||
* application time. This is very distinct from the regular
|
||||
* sanitizer operation, so, eventually, separate into another
|
||||
* type and make hb_aat_apply_context_t use that one instead
|
||||
* of abusing this one.
|
||||
*/
|
||||
template <typename T>
|
||||
inline void set_object (const T& obj)
|
||||
{
|
||||
this->start = (const char *) &obj;
|
||||
this->end = (const char *) &obj + obj.get_size ();
|
||||
reset_object ();
|
||||
|
||||
const char *obj_start = (const char *) &obj;
|
||||
const char *obj_end = (const char *) &obj + obj.get_size ();
|
||||
assert (obj_start <= obj_end); /* Must not overflow. */
|
||||
|
||||
if (unlikely (obj_end < this->start || this->end < obj_start))
|
||||
this->start = this->end = nullptr;
|
||||
else
|
||||
{
|
||||
this->start = MAX (this->start, obj_start);
|
||||
this->end = MIN (this->end , obj_end );
|
||||
}
|
||||
}
|
||||
|
||||
inline void reset_object (void)
|
||||
{
|
||||
this->start = this->blob->data;
|
||||
this->end = this->start + this->blob->length;
|
||||
assert (this->start <= this->end); /* Must not overflow. */
|
||||
}
|
||||
|
||||
inline void start_processing (void)
|
||||
{
|
||||
this->start = this->blob->data;
|
||||
this->end = this->start + this->blob->length;
|
||||
assert (this->start <= this->end); /* Must not overflow. */
|
||||
reset_object ();
|
||||
this->max_ops = MAX ((unsigned int) (this->end - this->start) * HB_SANITIZE_MAX_OPS_FACTOR,
|
||||
(unsigned) HB_SANITIZE_MAX_OPS_MIN);
|
||||
this->edit_count = 0;
|
||||
|
|
Loading…
Reference in New Issue