Add guard to copy_glyph_at_idx

ckitagawa 2020-02-04 09:49:24 -05:00
parent e128f80278
commit b114b26a56
2 changed files with 9 additions and 2 deletions


@ -65,7 +65,7 @@ bool CBLC::subset (hb_subset_context_t *c) const
CBDT_internal::copy_data_to_cbdt (&cbdt_prime, cbdt, CBDT::min_size);
for (const BitmapSizeTable& table : + sizeTables.iter ())
subset_size_table (c, table, (const char *) cbdt, cblc_prime, &cbdt_prime);
subset_size_table (c, table, (const char *) cbdt, cbdt_length, cblc_prime, &cbdt_prime);
hb_blob_destroy (cbdt_blob);
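Review bot: The `cbdt_length` now passed to `subset_size_table` is not declared anywhere in this hunk, so the downstream guard is only as good as that value's origin. Please confirm it is the length obtained from the same blob that `cbdt` points into, for example via the out-parameter of `hb_blob_get_data` on `cbdt_blob`, and not a value read from the font. The unchanged call `copy_data_to_cbdt (&cbdt_prime, cbdt, CBDT::min_size)` just above reads `CBDT::min_size` bytes from the same buffer; if no check of `cbdt_length >= CBDT::min_size` precedes it outside the hunk, that read needs one too. The body of `CBLC::subset` starts and ends outside the hunk.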


@ -55,6 +55,7 @@ HB_INTERNAL bool copy_data_to_cbdt (hb_vector_t<char> *cbdt_prime,
struct cblc_bitmap_size_subset_context_t
{
const char *cbdt;
unsigned int cbdt_length;
hb_vector_t<char> *cbdt_prime;
unsigned int size; /* INOUT
* Input: old size of IndexSubtable
@ -265,6 +266,7 @@ struct IndexSubtable
bool copy_glyph_at_idx (hb_serialize_context_t *c,
unsigned int idx,
const char *cbdt,
unsigned int cbdt_length,
hb_vector_t<char> *cbdt_prime /* INOUT */,
IndexSubtable *subtable_prime /* INOUT */,
unsigned int *size /* OUT (accumulated) */) const
@ -273,6 +275,7 @@ struct IndexSubtable
unsigned int offset, length, format;
if (unlikely (!get_image_data (idx, &offset, &length, &format))) return_trace (false);
if (unlikely (offset > cbdt_length || cbdt_length - offset < length)) return_trace (false);
auto* header_prime = subtable_prime->get_header();
unsigned int new_local_offset = cbdt_prime->length - (unsigned int) header_prime->imageDataOffset;
@ -414,6 +417,7 @@ struct IndexSubtableRecord
if (unlikely (!next_subtable->copy_glyph_at_idx (c->serializer,
old_idx,
bitmap_size_context->cbdt,
bitmap_size_context->cbdt_length,
bitmap_size_context->cbdt_prime,
subtable,
&bitmap_size_context->size)))
@ -620,6 +624,7 @@ struct BitmapSizeTable
const void *src_base,
const void *dst_base,
const char *cbdt,
unsigned int cbdt_length,
hb_vector_t<char> *cbdt_prime /* INOUT */) const
{
TRACE_SUBSET (this);
@ -628,6 +633,7 @@ struct BitmapSizeTable
cblc_bitmap_size_subset_context_t bitmap_size_context;
bitmap_size_context.cbdt = cbdt;
bitmap_size_context.cbdt_length = cbdt_length;
bitmap_size_context.cbdt_prime = cbdt_prime;
bitmap_size_context.size = indexTablesSize;
bitmap_size_context.num_tables = numberOfIndexSubtables;
@ -729,6 +735,7 @@ struct CBLC
bool subset_size_table (hb_subset_context_t *c,
const BitmapSizeTable& table,
const char *cbdt /* IN */,
unsigned int cbdt_length,
CBLC *cblc_prime /* INOUT */,
hb_vector_t<char> *cbdt_prime /* INOUT */) const
{
@ -738,7 +745,7 @@ struct CBLC
auto snap = c->serializer->snapshot ();
auto cbdt_prime_len = cbdt_prime->length;
if (!table.subset (c, this, cblc_prime, cbdt, cbdt_prime))
if (!table.subset (c, this, cblc_prime, cbdt, cbdt_length, cbdt_prime))
{
cblc_prime->sizeTables.len--;
c->serializer->revert (snap);
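Review bot: The guard added in `copy_glyph_at_idx`, `offset > cbdt_length || cbdt_length - offset < length`, uses the subtraction form so it cannot wrap in unsigned arithmetic, but nothing in the code records that; a comment above it such as `/* Subtraction form on purpose: offset + length can wrap in unsigned int. */` would stop a later cleanup from rewriting it as `offset + length > cbdt_length`. The new `unsigned int cbdt_length` parameters and the `cblc_bitmap_size_subset_context_t` field lack the `/* IN */` annotation their neighbours carry, and the field should say it is the byte length of the buffer `cbdt` points to. The guard covers only the source range; whether `get_image_data` derives `offset` and `length` without overflow is not visible in these hunks and is worth confirming. No regression input accompanies the change in the two file sections shown, so a malformed-table case in the subsetter tests would pin the new early return. The bodies of `copy_glyph_at_idx`, `BitmapSizeTable::subset` and `subset_size_table` continue outside the hunks.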