[HB] Add sanitize debugging facilities

Behdad Esfahbod 2009-08-04 22:35:36 -04:00
parent 7edb430f91
commit b28815c1f6
8 changed files with 136 additions and 6 deletions


@ -48,6 +48,7 @@ struct TTCHeader;
typedef struct TableDirectory
{
inline bool sanitize (SANITIZE_ARG_DEF, const void *base) {
SANITIZE_DEBUG ();
return SANITIZE_SELF () && SANITIZE (tag) &&
SANITIZE_MEM (CONST_CHARP(base) + (unsigned long) offset, length);
}
@ -77,6 +78,7 @@ typedef struct OffsetTable
public:
inline bool sanitize (SANITIZE_ARG_DEF, const void *base) {
SANITIZE_DEBUG ();
if (!(SANITIZE_SELF () && SANITIZE_MEM (tableDir, sizeof (tableDir[0]) * numTables))) return false;
unsigned int count = numTables;
for (unsigned int i = 0; i < count; i++)
@ -113,6 +115,7 @@ struct TTCHeader
}
bool sanitize (SANITIZE_ARG_DEF) {
SANITIZE_DEBUG ();
if (!SANITIZE (version)) return false;
if (version.major < 1 || version.major > 2) return true;
/* XXX Maybe we shouldn't NEUTER these offsets, they may cause a full copy of
@ -172,6 +175,7 @@ struct OpenTypeFontFile
}
bool sanitize (SANITIZE_ARG_DEF) {
SANITIZE_DEBUG ();
switch (tag) {
default: return true;
case TrueTypeTag: case CFFTag: return SANITIZE_THIS (CAST (OffsetTable, *this, 0));


@ -203,6 +203,24 @@ struct Null <Type> \
* Sanitize
*/
#if HB_DEBUG
#define SANITIZE_DEBUG_ARG_DEF , unsigned int sanitize_depth
#define SANITIZE_DEBUG_ARG , sanitize_depth + 1
#define SANITIZE_DEBUG_ARG_INIT , 0
#define SANITIZE_DEBUG() \
HB_STMT_START { \
printf ("SANITIZE(%p) %-*d-> %s\n", \
(CONST_CHARP (this) == NullPool) ? 0 : this, \
sanitize_depth+1, sanitize_depth, \
__PRETTY_FUNCTION__); \
} HB_STMT_END
#else
#define SANITIZE_DEBUG_ARG_DEF
#define SANITIZE_DEBUG_ARG
#define SANITIZE_DEBUG_ARG_INIT
#define SANITIZE_DEBUG() HB_STMT_START {} HB_STMT_END
#endif
typedef struct _hb_sanitize_context_t hb_sanitize_context_t;
struct _hb_sanitize_context_t
{
@ -237,9 +255,11 @@ _hb_sanitize_edit (hb_sanitize_context_t *context)
}
#define SANITIZE_ARG_DEF \
hb_sanitize_context_t *context
hb_sanitize_context_t *context SANITIZE_DEBUG_ARG_DEF
#define SANITIZE_ARG \
context
context SANITIZE_DEBUG_ARG
#define SANITIZE_ARG_INIT \
&context SANITIZE_DEBUG_ARG_INIT
#define SANITIZE(X) HB_LIKELY ((X).sanitize (SANITIZE_ARG))
#define SANITIZE2(X,Y) (SANITIZE (X) && SANITIZE (Y))
@ -275,12 +295,12 @@ struct Sanitizer
Type *t = &CAST (Type, context.start, 0);
sane = t->sanitize (&context);
sane = t->sanitize (SANITIZE_ARG_INIT);
if (sane) {
if (context.edit_count) {
/* sanitize again to ensure not toe-stepping */
context.edit_count = 0;
sane = t->sanitize (&context);
sane = t->sanitize (SANITIZE_ARG_INIT);
if (context.edit_count) {
sane = false;
}
@ -334,7 +354,10 @@ struct Sanitizer
inline NAME& operator = (TYPE i) { (TYPE&) v = BIG_ENDIAN (i); return *this; } \
inline operator TYPE(void) const { return BIG_ENDIAN ((TYPE&) v); } \
inline bool operator== (NAME o) const { return (TYPE&) v == (TYPE&) o.v; } \
inline bool sanitize (SANITIZE_ARG_DEF) { return SANITIZE_SELF (); } \
inline bool sanitize (SANITIZE_ARG_DEF) { \
SANITIZE_DEBUG (); \
return SANITIZE_SELF (); \
} \
private: char v[BYTES]; \
}; \
ASSERT_SIZE (NAME, BYTES)
@ -360,6 +383,7 @@ struct Tag : ULONG
inline operator char* (void) { return CHARP(this); }
inline bool sanitize (SANITIZE_ARG_DEF) {
SANITIZE_DEBUG ();
/* Note: Only accept ASCII-visible tags (mind DEL)
* This is one of the few times (only time?) we check
* for data integrity, as opposed o just boundary checks
@ -407,6 +431,7 @@ struct FixedVersion
inline operator uint32_t (void) const { return (major << 16) + minor; }
inline bool sanitize (SANITIZE_ARG_DEF) {
SANITIZE_DEBUG ();
return SANITIZE_SELF ();
}
@ -433,18 +458,21 @@ struct GenericOffsetTo : OffsetType
}
inline bool sanitize (SANITIZE_ARG_DEF, const void *base) {
SANITIZE_DEBUG ();
if (!SANITIZE_OBJ (*this)) return false;
unsigned int offset = *this;
if (HB_UNLIKELY (!offset)) return true;
return SANITIZE (CAST(Type, *DECONST_CHARP(base), offset)) || NEUTER (DECONST_CAST(OffsetType,*this,0), 0);
}
inline bool sanitize (SANITIZE_ARG_DEF, const void *base, const void *base2) {
SANITIZE_DEBUG ();
if (!SANITIZE_OBJ (*this)) return false;
unsigned int offset = *this;
if (HB_UNLIKELY (!offset)) return true;
return SANITIZE_BASE (CAST(Type, *DECONST_CHARP(base), offset), base2) || NEUTER (DECONST_CAST(OffsetType,*this,0), 0);
}
inline bool sanitize (SANITIZE_ARG_DEF, const void *base, unsigned int user_data) {
SANITIZE_DEBUG ();
if (!SANITIZE_OBJ (*this)) return false;
unsigned int offset = *this;
if (HB_UNLIKELY (!offset)) return true;
@ -475,6 +503,7 @@ struct GenericArrayOf
{ return sizeof (len) + len * sizeof (array[0]); }
inline bool sanitize (SANITIZE_ARG_DEF) {
SANITIZE_DEBUG ();
if (!SANITIZE_GET_SIZE()) return false;
/* Note; for non-recursive types, this is not much needed
unsigned int count = len;
@ -485,6 +514,7 @@ struct GenericArrayOf
return true;
}
inline bool sanitize (SANITIZE_ARG_DEF, const void *base) {
SANITIZE_DEBUG ();
if (!SANITIZE_GET_SIZE()) return false;
unsigned int count = len;
for (unsigned int i = 0; i < count; i++)
@ -493,6 +523,7 @@ struct GenericArrayOf
return true;
}
inline bool sanitize (SANITIZE_ARG_DEF, const void *base, const void *base2) {
SANITIZE_DEBUG ();
if (!SANITIZE_GET_SIZE()) return false;
unsigned int count = len;
for (unsigned int i = 0; i < count; i++)
@ -501,6 +532,7 @@ struct GenericArrayOf
return true;
}
inline bool sanitize (SANITIZE_ARG_DEF, const void *base, unsigned int user_data) {
SANITIZE_DEBUG ();
if (!SANITIZE_GET_SIZE()) return false;
unsigned int count = len;
for (unsigned int i = 0; i < count; i++)
@ -547,6 +579,7 @@ struct HeadlessArrayOf
{ return sizeof (len) + (len ? len - 1 : 0) * sizeof (array[0]); }
inline bool sanitize (SANITIZE_ARG_DEF) {
SANITIZE_DEBUG ();
if (!SANITIZE_GET_SIZE()) return false;
/* Note; for non-recursive types, this is not much needed
unsigned int count = len ? len - 1 : 0;
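Review bot: The `SANITIZE_DEBUG()` macro defined in the first hunk of this section writes its trace with `printf`, so it goes to stdout from inside library code that runs for every object of the font being validated. A program that uses stdout for its own data gets the trace interleaved with it, and the number of lines is determined by the font being parsed; `fprintf (stderr, ...)` would be the safer sink. Separately, `%p` expects a `void *` and the `*` width expects an `int`, so the arguments would be better written as `(CONST_CHARP (this) == NullPool) ? 0 : (const void *) this` and `(int) (sanitize_depth + 1)`.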


@ -47,6 +47,7 @@ template <typename Type>
struct Record
{
inline bool sanitize (SANITIZE_ARG_DEF, const void *base) {
SANITIZE_DEBUG ();
return SANITIZE (tag) == 0 && SANITIZE_BASE (offset, base);
}
@ -74,6 +75,7 @@ struct RecordListOf : RecordArrayOf<Type>
}
inline bool sanitize (SANITIZE_ARG_DEF) {
SANITIZE_DEBUG ();
return RecordArrayOf<Type>::sanitize (SANITIZE_ARG, CONST_CHARP(this));
}
};
@ -98,6 +100,7 @@ struct LangSys
}
inline bool sanitize (SANITIZE_ARG_DEF) {
SANITIZE_DEBUG ();
return SANITIZE_SELF () && SANITIZE (featureIndex);
}
@ -129,6 +132,7 @@ struct Script
inline const LangSys& get_default_lang_sys (void) const { return this+defaultLangSys; }
inline bool sanitize (SANITIZE_ARG_DEF) {
SANITIZE_DEBUG ();
return SANITIZE_THIS (defaultLangSys) && SANITIZE_THIS (langSys);
}
@ -152,6 +156,7 @@ struct Feature
inline unsigned int get_lookup_count (void) const { return lookupIndex.len; }
inline bool sanitize (SANITIZE_ARG_DEF) {
SANITIZE_DEBUG ();
return SANITIZE_SELF () && SANITIZE (lookupIndex);
}
@ -187,6 +192,7 @@ ASSERT_SIZE (LookupFlag, 2);
struct LookupSubTable
{
inline bool sanitize (SANITIZE_ARG_DEF) {
SANITIZE_DEBUG ();
return SANITIZE_SELF ();
}
@ -213,6 +219,7 @@ struct Lookup
}
inline bool sanitize (SANITIZE_ARG_DEF) {
SANITIZE_DEBUG ();
if (!(SANITIZE_SELF () && SANITIZE_THIS (subTable))) return false;
if (HB_UNLIKELY (lookupFlag & LookupFlag::UseMarkFilteringSet))
{
@ -242,6 +249,7 @@ struct OffsetListOf : OffsetArrayOf<Type>
}
inline bool sanitize (SANITIZE_ARG_DEF) {
SANITIZE_DEBUG ();
return OffsetArrayOf<Type>::sanitize (SANITIZE_ARG, CONST_CHARP(this));
}
};
@ -274,6 +282,7 @@ struct CoverageFormat1
}
inline bool sanitize (SANITIZE_ARG_DEF) {
SANITIZE_DEBUG ();
return SANITIZE (glyphArray);
}
@ -298,6 +307,7 @@ struct CoverageRangeRecord
public:
inline bool sanitize (SANITIZE_ARG_DEF) {
SANITIZE_DEBUG ();
return SANITIZE_SELF ();
}
@ -328,6 +338,7 @@ struct CoverageFormat2
}
inline bool sanitize (SANITIZE_ARG_DEF) {
SANITIZE_DEBUG ();
return SANITIZE (rangeRecord);
}
@ -354,6 +365,7 @@ struct Coverage
}
bool sanitize (SANITIZE_ARG_DEF) {
SANITIZE_DEBUG ();
if (!SANITIZE (u.format)) return false;
switch (u.format) {
case 1: return u.format1->sanitize (SANITIZE_ARG);
@ -389,6 +401,7 @@ struct ClassDefFormat1
}
inline bool sanitize (SANITIZE_ARG_DEF) {
SANITIZE_DEBUG ();
return SANITIZE_SELF () && SANITIZE (classValue);
}
@ -413,6 +426,7 @@ struct ClassRangeRecord
public:
inline bool sanitize (SANITIZE_ARG_DEF) {
SANITIZE_DEBUG ();
return SANITIZE_SELF ();
}
@ -442,6 +456,7 @@ struct ClassDefFormat2
}
inline bool sanitize (SANITIZE_ARG_DEF) {
SANITIZE_DEBUG ();
return SANITIZE (rangeRecord);
}
@ -466,6 +481,7 @@ struct ClassDef
}
bool sanitize (SANITIZE_ARG_DEF) {
SANITIZE_DEBUG ();
if (!SANITIZE (u.format)) return false;
switch (u.format) {
case 1: return u.format1->sanitize (SANITIZE_ARG);
@ -523,6 +539,7 @@ struct Device
}
bool sanitize (SANITIZE_ARG_DEF) {
SANITIZE_DEBUG ();
return SANITIZE_GET_SIZE ();
}
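Review bot: `Record::sanitize` in the first hunk of this section returns `SANITIZE (tag) == 0 && SANITIZE_BASE (offset, base)`, so the offset is validated only when the tag check reports failure, and a record whose tag passes is rejected. This looks like an inverted test rather than intent. Assuming `HB_LIKELY` (defined outside this page) preserves the truth value, the line should read `return SANITIZE (tag) && SANITIZE_BASE (offset, base);`. It is a context line that the commit leaves unchanged, and the rest of `struct Record` lies outside the hunk.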


@ -74,6 +74,7 @@ struct AttachList
}
inline bool sanitize (SANITIZE_ARG_DEF) {
SANITIZE_DEBUG ();
return SANITIZE_THIS2 (coverage, attachPoint);
}
@ -103,6 +104,7 @@ struct CaretValueFormat1
}
inline bool sanitize (SANITIZE_ARG_DEF) {
SANITIZE_DEBUG ();
return SANITIZE_SELF ();
}
@ -123,6 +125,7 @@ struct CaretValueFormat2
}
inline bool sanitize (SANITIZE_ARG_DEF) {
SANITIZE_DEBUG ();
return SANITIZE_SELF ();
}
@ -144,6 +147,7 @@ struct CaretValueFormat3
}
inline bool sanitize (SANITIZE_ARG_DEF) {
SANITIZE_DEBUG ();
return SANITIZE_SELF () && SANITIZE_THIS (deviceTable);
}
@ -171,6 +175,7 @@ struct CaretValue
}
inline bool sanitize (SANITIZE_ARG_DEF) {
SANITIZE_DEBUG ();
if (!SANITIZE (u.format)) return false;
switch (u.format) {
case 1: return u.format1->sanitize (SANITIZE_ARG);
@ -206,6 +211,7 @@ struct LigGlyph
}
inline bool sanitize (SANITIZE_ARG_DEF) {
SANITIZE_DEBUG ();
return SANITIZE (carets);
}
@ -236,6 +242,7 @@ struct LigCaretList
}
inline bool sanitize (SANITIZE_ARG_DEF) {
SANITIZE_DEBUG ();
return SANITIZE_THIS2 (coverage, ligGlyph);
}
@ -256,6 +263,7 @@ struct MarkGlyphSetsFormat1
{ return (this+coverage[set_index]).get_coverage (glyph_id) != NOT_COVERED; }
inline bool sanitize (SANITIZE_ARG_DEF) {
SANITIZE_DEBUG ();
return SANITIZE_THIS (coverage);
}
@ -278,6 +286,7 @@ struct MarkGlyphSets
}
inline bool sanitize (SANITIZE_ARG_DEF) {
SANITIZE_DEBUG ();
if (!SANITIZE (u.format)) return false;
switch (u.format) {
case 1: return u.format1->sanitize (SANITIZE_ARG);
@ -338,6 +347,7 @@ struct GDEF
{ return version >= 0x00010002 && (this+markGlyphSetsDef[0]).covers (set_index, glyph_id); }
bool sanitize (SANITIZE_ARG_DEF) {
SANITIZE_DEBUG ();
if (!SANITIZE (version)) return false;
if (version.major != 1) return true;
return SANITIZE_THIS2 (glyphClassDef, attachList) &&


@ -155,6 +155,7 @@ struct AnchorFormat1
}
inline bool sanitize (SANITIZE_ARG_DEF) {
SANITIZE_DEBUG ();
return SANITIZE_SELF ();
}
@ -179,6 +180,7 @@ struct AnchorFormat2
}
inline bool sanitize (SANITIZE_ARG_DEF) {
SANITIZE_DEBUG ();
return SANITIZE_SELF ();
}
@ -208,6 +210,7 @@ struct AnchorFormat3
}
inline bool sanitize (SANITIZE_ARG_DEF) {
SANITIZE_DEBUG ();
return SANITIZE_SELF () && SANITIZE_THIS2 (xDeviceTable, yDeviceTable);
}
@ -241,6 +244,7 @@ struct Anchor
}
inline bool sanitize (SANITIZE_ARG_DEF) {
SANITIZE_DEBUG ();
if (!SANITIZE (u.format)) return false;
switch (u.format) {
case 1: return u.format1->sanitize (SANITIZE_ARG);
@ -266,6 +270,7 @@ struct MarkRecord
friend struct MarkArray;
inline bool sanitize (SANITIZE_ARG_DEF, const void *base) {
SANITIZE_DEBUG ();
return SANITIZE_SELF () && SANITIZE_BASE (markAnchor, base);
}
@ -283,6 +288,7 @@ struct MarkArray
inline const Anchor& get_anchor (unsigned int index) const { return this+markRecord[index].markAnchor; }
inline bool sanitize (SANITIZE_ARG_DEF) {
SANITIZE_DEBUG ();
return SANITIZE_THIS (markRecord);
}
@ -313,6 +319,7 @@ struct SinglePosFormat1
}
inline bool sanitize (SANITIZE_ARG_DEF) {
SANITIZE_DEBUG ();
return SANITIZE_SELF () && SANITIZE_THIS (coverage) &&
SANITIZE_MEM (values, valueFormat.get_size ());
}
@ -353,6 +360,7 @@ struct SinglePosFormat2
}
inline bool sanitize (SANITIZE_ARG_DEF) {
SANITIZE_DEBUG ();
return SANITIZE_SELF () && SANITIZE_THIS (coverage) &&
SANITIZE_MEM (values, valueFormat.get_size () * valueCount);
}
@ -385,6 +393,7 @@ struct SinglePos
}
inline bool sanitize (SANITIZE_ARG_DEF) {
SANITIZE_DEBUG ();
if (!SANITIZE (u.format)) return false;
switch (u.format) {
case 1: return u.format1->sanitize (SANITIZE_ARG);
@ -421,6 +430,7 @@ struct PairSet
friend struct PairPosFormat1;
inline bool sanitize (SANITIZE_ARG_DEF, unsigned int format_len) {
SANITIZE_DEBUG ();
if (!SANITIZE_SELF ()) return false;
unsigned int count = (1 + format_len) * len;
return SANITIZE_MEM (array, sizeof (array[0]) * count);
@ -483,6 +493,7 @@ struct PairPosFormat1
}
inline bool sanitize (SANITIZE_ARG_DEF) {
SANITIZE_DEBUG ();
return SANITIZE_SELF () && SANITIZE_THIS (coverage) &&
pairSet.sanitize (SANITIZE_ARG, CONST_CHARP(this),
valueFormat1.get_len () + valueFormat2.get_len ());
@ -549,6 +560,7 @@ struct PairPosFormat2
}
inline bool sanitize (SANITIZE_ARG_DEF) {
SANITIZE_DEBUG ();
return SANITIZE_SELF () && SANITIZE_THIS (coverage) &&
SANITIZE_THIS2 (classDef1, classDef2) &&
SANITIZE_MEM (values,
@ -600,6 +612,7 @@ struct PairPos
}
inline bool sanitize (SANITIZE_ARG_DEF) {
SANITIZE_DEBUG ();
if (!SANITIZE (u.format)) return false;
switch (u.format) {
case 1: return u.format1->sanitize (SANITIZE_ARG);
@ -621,6 +634,7 @@ ASSERT_SIZE (PairPos, 2);
struct EntryExitRecord
{
inline bool sanitize (SANITIZE_ARG_DEF, const void *base) {
SANITIZE_DEBUG ();
return SANITIZE_BASE2 (entryAnchor, exitAnchor, base);
}
@ -815,6 +829,7 @@ struct CursivePosFormat1
}
inline bool sanitize (SANITIZE_ARG_DEF) {
SANITIZE_DEBUG ();
return SANITIZE_THIS2 (coverage, entryExitRecord);
}
@ -843,6 +858,7 @@ struct CursivePos
}
inline bool sanitize (SANITIZE_ARG_DEF) {
SANITIZE_DEBUG ();
if (!SANITIZE (u.format)) return false;
switch (u.format) {
case 1: return u.format1->sanitize (SANITIZE_ARG);
@ -864,6 +880,7 @@ struct BaseArray
friend struct MarkBasePosFormat1;
inline bool sanitize (SANITIZE_ARG_DEF, unsigned int cols) {
SANITIZE_DEBUG ();
if (!SANITIZE_SELF ()) return false;
unsigned int count = cols * len;
if (!SANITIZE_MEM (matrix, sizeof (matrix[0]) * count)) return false;
@ -940,6 +957,7 @@ struct MarkBasePosFormat1
}
inline bool sanitize (SANITIZE_ARG_DEF) {
SANITIZE_DEBUG ();
return SANITIZE_SELF () && SANITIZE_THIS2 (markCoverage, baseCoverage) &&
SANITIZE_THIS (markArray) && baseArray.sanitize (SANITIZE_ARG, CONST_CHARP(this), classCount);
}
@ -976,6 +994,7 @@ struct MarkBasePos
}
inline bool sanitize (SANITIZE_ARG_DEF) {
SANITIZE_DEBUG ();
if (!SANITIZE (u.format)) return false;
switch (u.format) {
case 1: return u.format1->sanitize (SANITIZE_ARG);
@ -1090,6 +1109,7 @@ struct MarkLigPosFormat1
}
inline bool sanitize (SANITIZE_ARG_DEF) {
SANITIZE_DEBUG ();
return SANITIZE_SELF () &&
SANITIZE_THIS2 (markCoverage, ligatureCoverage) &&
SANITIZE_THIS2 (markArray, ligatureArray);
@ -1128,6 +1148,7 @@ struct MarkLigPos
}
inline bool sanitize (SANITIZE_ARG_DEF) {
SANITIZE_DEBUG ();
if (!SANITIZE (u.format)) return false;
switch (u.format) {
case 1: return u.format1->sanitize (SANITIZE_ARG);
@ -1149,6 +1170,7 @@ struct Mark2Array
friend struct MarkMarkPosFormat1;
inline bool sanitize (SANITIZE_ARG_DEF, unsigned int cols) {
SANITIZE_DEBUG ();
if (!SANITIZE_SELF ()) return false;
unsigned int count = cols * len;
if (!SANITIZE_MEM (matrix, sizeof (matrix[0]) * count)) return false;
@ -1228,6 +1250,7 @@ struct MarkMarkPosFormat1
}
inline bool sanitize (SANITIZE_ARG_DEF) {
SANITIZE_DEBUG ();
return SANITIZE_SELF () && SANITIZE_THIS2 (mark1Coverage, mark2Coverage) &&
SANITIZE_THIS (mark1Array) && mark2Array.sanitize (SANITIZE_ARG, CONST_CHARP(this), classCount);
}
@ -1266,6 +1289,7 @@ struct MarkMarkPos
}
inline bool sanitize (SANITIZE_ARG_DEF) {
SANITIZE_DEBUG ();
if (!SANITIZE (u.format)) return false;
switch (u.format) {
case 1: return u.format1->sanitize (SANITIZE_ARG);
@ -1359,6 +1383,7 @@ struct PosLookupSubTable
}
bool sanitize (SANITIZE_ARG_DEF) {
SANITIZE_DEBUG ();
if (!SANITIZE (u.format)) return false;
switch (u.format) {
case Single: return u.single->sanitize (SANITIZE_ARG);
@ -1471,6 +1496,7 @@ struct PosLookup : Lookup
}
inline bool sanitize (SANITIZE_ARG_DEF) {
SANITIZE_DEBUG ();
if (Lookup::sanitize (SANITIZE_ARG)) return false;
OffsetArrayOf<PosLookupSubTable> &list = (OffsetArrayOf<PosLookupSubTable> &) subTable;
return SANITIZE_THIS (list);
@ -1502,6 +1528,7 @@ struct GPOS : GSUBGPOS
{ return get_lookup (lookup_index).apply_string (context, buffer, mask); }
bool sanitize (SANITIZE_ARG_DEF) {
SANITIZE_DEBUG ();
if (GSUBGPOS::sanitize (SANITIZE_ARG)) return false;
OffsetTo<PosLookupList> &list = CAST(OffsetTo<PosLookupList>, lookupList, 0);
return SANITIZE_THIS (list);
@ -1524,6 +1551,7 @@ inline bool ExtensionPos::apply (APPLY_ARG_DEF) const
inline bool ExtensionPos::sanitize (SANITIZE_ARG_DEF)
{
SANITIZE_DEBUG ();
return Extension::sanitize (SANITIZE_ARG) &&
(&(Extension::get_subtable ()) == &Null(LookupSubTable) ||
get_type () == PosLookupSubTable::Extension ||
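Review bot: `PosLookup::sanitize` and `GPOS::sanitize` both return false when the base-class check succeeds (`if (Lookup::sanitize (SANITIZE_ARG)) return false;` and `if (GSUBGPOS::sanitize (SANITIZE_ARG)) return false;`), which reads as a missing negation. As written, a table whose base part validates is rejected, while one whose base part fails goes on to have its lookup list walked through `SANITIZE_THIS (list)`. The guards should be `if (!Lookup::sanitize (SANITIZE_ARG)) return false;` and `if (!GSUBGPOS::sanitize (SANITIZE_ARG)) return false;`. The same pattern appears in `SubstLookup::sanitize` and `GSUB::sanitize` in the next file section. These are context lines that the commit does not change, and each function body continues outside its hunk.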


@ -54,6 +54,7 @@ struct SingleSubstFormat1
}
inline bool sanitize (SANITIZE_ARG_DEF) {
SANITIZE_DEBUG ();
return SANITIZE_THIS (coverage) && SANITIZE (deltaGlyphID);
}
@ -94,6 +95,7 @@ struct SingleSubstFormat2
}
inline bool sanitize (SANITIZE_ARG_DEF) {
SANITIZE_DEBUG ();
return SANITIZE_THIS (coverage) && SANITIZE (substitute);
}
@ -124,6 +126,7 @@ struct SingleSubst
}
inline bool sanitize (SANITIZE_ARG_DEF) {
SANITIZE_DEBUG ();
if (!SANITIZE (u.format)) return false;
switch (u.format) {
case 1: return u.format1->sanitize (SANITIZE_ARG);
@ -172,6 +175,7 @@ struct Sequence
public:
inline bool sanitize (SANITIZE_ARG_DEF) {
SANITIZE_DEBUG ();
return SANITIZE (substitute);
}
@ -198,6 +202,7 @@ struct MultipleSubstFormat1
}
inline bool sanitize (SANITIZE_ARG_DEF) {
SANITIZE_DEBUG ();
return SANITIZE_THIS2 (coverage, sequence);
}
@ -227,6 +232,7 @@ struct MultipleSubst
}
inline bool sanitize (SANITIZE_ARG_DEF) {
SANITIZE_DEBUG ();
if (!SANITIZE (u.format)) return false;
switch (u.format) {
case 1: return u.format1->sanitize (SANITIZE_ARG);
@ -290,6 +296,7 @@ struct AlternateSubstFormat1
}
inline bool sanitize (SANITIZE_ARG_DEF) {
SANITIZE_DEBUG ();
return SANITIZE_THIS2 (coverage, alternateSet);
}
@ -319,6 +326,7 @@ struct AlternateSubst
}
inline bool sanitize (SANITIZE_ARG_DEF) {
SANITIZE_DEBUG ();
if (!SANITIZE (u.format)) return false;
switch (u.format) {
case 1: return u.format1->sanitize (SANITIZE_ARG);
@ -407,6 +415,7 @@ struct Ligature
public:
inline bool sanitize (SANITIZE_ARG_DEF) {
SANITIZE_DEBUG ();
return SANITIZE2 (ligGlyph, component);
}
@ -439,6 +448,7 @@ struct LigatureSet
public:
inline bool sanitize (SANITIZE_ARG_DEF) {
SANITIZE_DEBUG ();
return SANITIZE_THIS (ligature);
}
@ -469,6 +479,7 @@ struct LigatureSubstFormat1
}
inline bool sanitize (SANITIZE_ARG_DEF) {
SANITIZE_DEBUG ();
return SANITIZE_THIS2 (coverage, ligatureSet);
}
@ -497,6 +508,7 @@ struct LigatureSubst
}
inline bool sanitize (SANITIZE_ARG_DEF) {
SANITIZE_DEBUG ();
if (!SANITIZE (u.format)) return false;
switch (u.format) {
case 1: return u.format1->sanitize (SANITIZE_ARG);
@ -586,6 +598,7 @@ struct ReverseChainSingleSubstFormat1
}
inline bool sanitize (SANITIZE_ARG_DEF) {
SANITIZE_DEBUG ();
if (!SANITIZE_THIS2 (coverage, backtrack))
return false;
OffsetArrayOf<Coverage> &lookahead = CAST (OffsetArrayOf<Coverage>, backtrack, backtrack.get_size ());
@ -628,6 +641,7 @@ struct ReverseChainSingleSubst
}
inline bool sanitize (SANITIZE_ARG_DEF) {
SANITIZE_DEBUG ();
if (!SANITIZE (u.format)) return false;
switch (u.format) {
case 1: return u.format1->sanitize (SANITIZE_ARG);
@ -680,6 +694,7 @@ struct SubstLookupSubTable
}
bool sanitize (SANITIZE_ARG_DEF) {
SANITIZE_DEBUG ();
if (!SANITIZE (u.format)) return false;
switch (u.format) {
case Single: return u.single->sanitize (SANITIZE_ARG);
@ -806,6 +821,7 @@ struct SubstLookup : Lookup
}
inline bool sanitize (SANITIZE_ARG_DEF) {
SANITIZE_DEBUG ();
if (Lookup::sanitize (SANITIZE_ARG)) return false;
OffsetArrayOf<SubstLookupSubTable> &list = (OffsetArrayOf<SubstLookupSubTable> &) subTable;
return SANITIZE_THIS (list);
@ -838,6 +854,7 @@ struct GSUB : GSUBGPOS
bool sanitize (SANITIZE_ARG_DEF) {
SANITIZE_DEBUG ();
if (GSUBGPOS::sanitize (SANITIZE_ARG)) return false;
OffsetTo<SubstLookupList> &list = CAST(OffsetTo<SubstLookupList>, lookupList, 0);
return SANITIZE_THIS (list);
@ -860,6 +877,7 @@ inline bool ExtensionSubst::apply (APPLY_ARG_DEF) const
inline bool ExtensionSubst::sanitize (SANITIZE_ARG_DEF)
{
SANITIZE_DEBUG ();
return Extension::sanitize (SANITIZE_ARG) &&
(&(Extension::get_subtable ()) == &Null(LookupSubTable) ||
get_type () == SubstLookupSubTable::Extension ||


@ -163,6 +163,7 @@ struct LookupRecord
{
public:
inline bool sanitize (SANITIZE_ARG_DEF) {
SANITIZE_DEBUG ();
return SANITIZE_SELF ();
}
@ -265,6 +266,7 @@ struct Rule
public:
inline bool sanitize (SANITIZE_ARG_DEF) {
SANITIZE_DEBUG ();
if (!SANITIZE_SELF ()) return false;
return SANITIZE_MEM (input,
sizeof (input[0]) * inputCount +
@ -298,6 +300,7 @@ struct RuleSet
}
inline bool sanitize (SANITIZE_ARG_DEF) {
SANITIZE_DEBUG ();
return SANITIZE_THIS (rule);
}
@ -328,6 +331,7 @@ struct ContextFormat1
}
inline bool sanitize (SANITIZE_ARG_DEF) {
SANITIZE_DEBUG ();
return SANITIZE_THIS2 (coverage, ruleSet);
}
@ -368,6 +372,7 @@ struct ContextFormat2
}
inline bool sanitize (SANITIZE_ARG_DEF) {
SANITIZE_DEBUG ();
return SANITIZE_THIS3 (coverage, classDef, ruleSet);
}
@ -409,6 +414,7 @@ struct ContextFormat3
}
inline bool sanitize (SANITIZE_ARG_DEF) {
SANITIZE_DEBUG ();
if (!SANITIZE_SELF ()) return false;
unsigned int count = glyphCount;
for (unsigned int i = 0; i < count; i++)
@ -444,6 +450,7 @@ struct Context
}
inline bool sanitize (SANITIZE_ARG_DEF) {
SANITIZE_DEBUG ();
if (!SANITIZE (u.format)) return false;
switch (u.format) {
case 1: return u.format1->sanitize (SANITIZE_ARG);
@ -529,6 +536,7 @@ struct ChainRule
public:
inline bool sanitize (SANITIZE_ARG_DEF) {
SANITIZE_DEBUG ();
if (!SANITIZE (backtrack)) return false;
HeadlessArrayOf<USHORT> &input = CAST (HeadlessArrayOf<USHORT>, backtrack, backtrack.get_size ());
if (!SANITIZE (input)) return false;
@ -570,6 +578,7 @@ struct ChainRuleSet
}
inline bool sanitize (SANITIZE_ARG_DEF) {
SANITIZE_DEBUG ();
return SANITIZE_THIS (rule);
}
@ -600,6 +609,7 @@ struct ChainContextFormat1
}
inline bool sanitize (SANITIZE_ARG_DEF) {
SANITIZE_DEBUG ();
return SANITIZE_THIS2 (coverage, ruleSet);
}
@ -644,6 +654,7 @@ struct ChainContextFormat2
}
inline bool sanitize (SANITIZE_ARG_DEF) {
SANITIZE_DEBUG ();
return SANITIZE_THIS2 (coverage, backtrackClassDef) &&
SANITIZE_THIS2 (inputClassDef, lookaheadClassDef) &&
SANITIZE_THIS (ruleSet);
@ -702,6 +713,7 @@ struct ChainContextFormat3
}
inline bool sanitize (SANITIZE_ARG_DEF) {
SANITIZE_DEBUG ();
if (!SANITIZE_THIS (backtrack)) return false;
OffsetArrayOf<Coverage> &input = CAST (OffsetArrayOf<Coverage>, backtrack, backtrack.get_size ());
if (!SANITIZE_THIS (input)) return false;
@ -745,6 +757,7 @@ struct ChainContext
}
inline bool sanitize (SANITIZE_ARG_DEF) {
SANITIZE_DEBUG ();
if (!SANITIZE (u.format)) return false;
switch (u.format) {
case 1: return u.format1->sanitize (SANITIZE_ARG);
@ -780,6 +793,7 @@ struct ExtensionFormat1
}
inline bool sanitize (SANITIZE_ARG_DEF) {
SANITIZE_DEBUG ();
return SANITIZE_SELF ();
}
@ -813,6 +827,7 @@ struct Extension
}
inline bool sanitize (SANITIZE_ARG_DEF) {
SANITIZE_DEBUG ();
if (!SANITIZE (u.format)) return false;
switch (u.format) {
case 1: return u.format1->sanitize (SANITIZE_ARG);
@ -849,6 +864,7 @@ struct GSUBGPOS
DEFINE_TAG_FIND_INTERFACE (Feature, feature); /* find_feature_index(), get_feature_by_tag(tag) */
bool sanitize (SANITIZE_ARG_DEF) {
SANITIZE_DEBUG ();
if (!SANITIZE (version)) return false;
if (version.major != 1) return true;
return SANITIZE_THIS3 (scriptList, featureList, lookupList);


@ -31,10 +31,14 @@
#include "config.h"
#endif
#define HB_DEBUG 1
#include <stdlib.h>
#include <stdio.h> /* XXX */
#include <string.h>
#include <assert.h>
#if HB_DEBUG
#include <stdio.h> /* XXX */
#endif
#include "hb-common.h"
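Review bot: `#define HB_DEBUG 1` is unconditional, so every build that includes this header gets the extra `sanitize_depth` parameter on each `sanitize` method and one trace line per sanitized object, with no way for a release build to turn it off. I would default it to off and let the build override it: `#ifndef HB_DEBUG` / `#define HB_DEBUG 0` / `#endif`. The `<stdio.h>` include appears twice on this page, once bare and once under `#if HB_DEBUG`; presumably the bare one is the removed line, which is worth confirming because the debug macro depends on `printf` being declared.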