Add guard to copy_glyph_at_idx
This commit is contained in:
parent
e128f80278
commit
b114b26a56
|
@ -65,7 +65,7 @@ bool CBLC::subset (hb_subset_context_t *c) const
|
||||||
CBDT_internal::copy_data_to_cbdt (&cbdt_prime, cbdt, CBDT::min_size);
|
CBDT_internal::copy_data_to_cbdt (&cbdt_prime, cbdt, CBDT::min_size);
|
||||||
|
|
||||||
for (const BitmapSizeTable& table : + sizeTables.iter ())
|
for (const BitmapSizeTable& table : + sizeTables.iter ())
|
||||||
subset_size_table (c, table, (const char *) cbdt, cblc_prime, &cbdt_prime);
|
subset_size_table (c, table, (const char *) cbdt, cbdt_length, cblc_prime, &cbdt_prime);
|
||||||
|
|
||||||
hb_blob_destroy (cbdt_blob);
|
hb_blob_destroy (cbdt_blob);
|
||||||
|
|
||||||
|
|
|
@ -55,6 +55,7 @@ HB_INTERNAL bool copy_data_to_cbdt (hb_vector_t<char> *cbdt_prime,
|
||||||
struct cblc_bitmap_size_subset_context_t
|
struct cblc_bitmap_size_subset_context_t
|
||||||
{
|
{
|
||||||
const char *cbdt;
|
const char *cbdt;
|
||||||
|
unsigned int cbdt_length;
|
||||||
hb_vector_t<char> *cbdt_prime;
|
hb_vector_t<char> *cbdt_prime;
|
||||||
unsigned int size; /* INOUT
|
unsigned int size; /* INOUT
|
||||||
* Input: old size of IndexSubtable
|
* Input: old size of IndexSubtable
|
||||||
|
@ -265,6 +266,7 @@ struct IndexSubtable
|
||||||
bool copy_glyph_at_idx (hb_serialize_context_t *c,
|
bool copy_glyph_at_idx (hb_serialize_context_t *c,
|
||||||
unsigned int idx,
|
unsigned int idx,
|
||||||
const char *cbdt,
|
const char *cbdt,
|
||||||
|
unsigned int cbdt_length,
|
||||||
hb_vector_t<char> *cbdt_prime /* INOUT */,
|
hb_vector_t<char> *cbdt_prime /* INOUT */,
|
||||||
IndexSubtable *subtable_prime /* INOUT */,
|
IndexSubtable *subtable_prime /* INOUT */,
|
||||||
unsigned int *size /* OUT (accumulated) */) const
|
unsigned int *size /* OUT (accumulated) */) const
|
||||||
|
@ -273,6 +275,7 @@ struct IndexSubtable
|
||||||
|
|
||||||
unsigned int offset, length, format;
|
unsigned int offset, length, format;
|
||||||
if (unlikely (!get_image_data (idx, &offset, &length, &format))) return_trace (false);
|
if (unlikely (!get_image_data (idx, &offset, &length, &format))) return_trace (false);
|
||||||
|
if (unlikely (offset > cbdt_length || cbdt_length - offset < length)) return_trace (false);
|
||||||
|
|
||||||
auto* header_prime = subtable_prime->get_header();
|
auto* header_prime = subtable_prime->get_header();
|
||||||
unsigned int new_local_offset = cbdt_prime->length - (unsigned int) header_prime->imageDataOffset;
|
unsigned int new_local_offset = cbdt_prime->length - (unsigned int) header_prime->imageDataOffset;
|
||||||
|
@ -414,6 +417,7 @@ struct IndexSubtableRecord
|
||||||
if (unlikely (!next_subtable->copy_glyph_at_idx (c->serializer,
|
if (unlikely (!next_subtable->copy_glyph_at_idx (c->serializer,
|
||||||
old_idx,
|
old_idx,
|
||||||
bitmap_size_context->cbdt,
|
bitmap_size_context->cbdt,
|
||||||
|
bitmap_size_context->cbdt_length,
|
||||||
bitmap_size_context->cbdt_prime,
|
bitmap_size_context->cbdt_prime,
|
||||||
subtable,
|
subtable,
|
||||||
&bitmap_size_context->size)))
|
&bitmap_size_context->size)))
|
||||||
|
@ -620,6 +624,7 @@ struct BitmapSizeTable
|
||||||
const void *src_base,
|
const void *src_base,
|
||||||
const void *dst_base,
|
const void *dst_base,
|
||||||
const char *cbdt,
|
const char *cbdt,
|
||||||
|
unsigned int cbdt_length,
|
||||||
hb_vector_t<char> *cbdt_prime /* INOUT */) const
|
hb_vector_t<char> *cbdt_prime /* INOUT */) const
|
||||||
{
|
{
|
||||||
TRACE_SUBSET (this);
|
TRACE_SUBSET (this);
|
||||||
|
@ -628,6 +633,7 @@ struct BitmapSizeTable
|
||||||
|
|
||||||
cblc_bitmap_size_subset_context_t bitmap_size_context;
|
cblc_bitmap_size_subset_context_t bitmap_size_context;
|
||||||
bitmap_size_context.cbdt = cbdt;
|
bitmap_size_context.cbdt = cbdt;
|
||||||
|
bitmap_size_context.cbdt_length = cbdt_length;
|
||||||
bitmap_size_context.cbdt_prime = cbdt_prime;
|
bitmap_size_context.cbdt_prime = cbdt_prime;
|
||||||
bitmap_size_context.size = indexTablesSize;
|
bitmap_size_context.size = indexTablesSize;
|
||||||
bitmap_size_context.num_tables = numberOfIndexSubtables;
|
bitmap_size_context.num_tables = numberOfIndexSubtables;
|
||||||
|
@ -729,6 +735,7 @@ struct CBLC
|
||||||
bool subset_size_table (hb_subset_context_t *c,
|
bool subset_size_table (hb_subset_context_t *c,
|
||||||
const BitmapSizeTable& table,
|
const BitmapSizeTable& table,
|
||||||
const char *cbdt /* IN */,
|
const char *cbdt /* IN */,
|
||||||
|
unsigned int cbdt_length,
|
||||||
CBLC *cblc_prime /* INOUT */,
|
CBLC *cblc_prime /* INOUT */,
|
||||||
hb_vector_t<char> *cbdt_prime /* INOUT */) const
|
hb_vector_t<char> *cbdt_prime /* INOUT */) const
|
||||||
{
|
{
|
||||||
|
@ -738,7 +745,7 @@ struct CBLC
|
||||||
auto snap = c->serializer->snapshot ();
|
auto snap = c->serializer->snapshot ();
|
||||||
auto cbdt_prime_len = cbdt_prime->length;
|
auto cbdt_prime_len = cbdt_prime->length;
|
||||||
|
|
||||||
if (!table.subset (c, this, cblc_prime, cbdt, cbdt_prime))
|
if (!table.subset (c, this, cblc_prime, cbdt, cbdt_length, cbdt_prime))
|
||||||
{
|
{
|
||||||
cblc_prime->sizeTables.len--;
|
cblc_prime->sizeTables.len--;
|
||||||
c->serializer->revert (snap);
|
c->serializer->revert (snap);
|
||||||
|
|
Loading…
Reference in New Issue