From b28c282585afd3bff844e84eae7f29e1a1267aef Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marcel=20Fabian=20Kr=C3=BCger?= <zauguin@gmail.com>
Date: Tue, 17 Dec 2019 02:58:51 +0100
Subject: [PATCH] Check to avoid overflows

---
 src/hb-sanitize.hh | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/src/hb-sanitize.hh b/src/hb-sanitize.hh
index 531276019..310e2fcf0 100644
--- a/src/hb-sanitize.hh
+++ b/src/hb-sanitize.hh
@@ -189,9 +189,12 @@ struct hb_sanitize_context_t :
   void start_processing ()
   {
     reset_object ();
-    this->max_ops = hb_min (hb_max ((unsigned int) (this->end - this->start) * HB_SANITIZE_MAX_OPS_FACTOR,
-				    (unsigned) HB_SANITIZE_MAX_OPS_MIN),
-			    (unsigned) HB_SANITIZE_MAX_OPS_MAX);
+    if (unlikely (hb_unsigned_mul_overflows (this->end - this->start, HB_SANITIZE_MAX_OPS_FACTOR)))
+      this->max_ops = HB_SANITIZE_MAX_OPS_MAX;
+    else
+      this->max_ops = hb_min (hb_max ((unsigned int) (this->end - this->start) * HB_SANITIZE_MAX_OPS_FACTOR,
+				      (unsigned) HB_SANITIZE_MAX_OPS_MIN),
+			      (unsigned) HB_SANITIZE_MAX_OPS_MAX);
     this->edit_count = 0;
     this->debug_depth = 0;