walkero
/
harfbuzz
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Sanitize (Headless)ArrayOf()::len to ensure it doesn't use offsets

This commit is contained in:
Behdad Esfahbod 2017-10-31 18:11:10 -06:00
parent 5f04711314
commit aca378f51e
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/hb-open-type-private.hh
View File

@ -946,7 +946,7 @@ struct ArrayOf
inline bool sanitize_shallow (hb_sanitize_context_t *c) const
{
TRACE_SANITIZE (this);
return_trace (c->check_struct (this) && c->check_array (array, Type::static_size, len));
return_trace (len.sanitize (c) && c->check_array (array, Type::static_size, len));
}
public:
@ -1033,7 +1033,7 @@ struct HeadlessArrayOf
inline bool sanitize_shallow (hb_sanitize_context_t *c) const
{
TRACE_SANITIZE (this);
return_trace (c->check_struct (this) &&
return_trace (len.sanitize (c) &&
(!len || c->check_array (array, Type::static_size, len - 1)));
}