From ce09e90e1502d5f944bafd64e51c29e365a963ae Mon Sep 17 00:00:00 2001
From: Behdad Esfahbod <behdad@behdad.org>
Date: Fri, 2 Dec 2016 20:12:57 -0800
Subject: [PATCH] [cbdt] More sanitize work

---
 src/hb-ot-cbdt-table.hh | 65 ++++++++++++++++++++++++-----------------
 src/hb-ot-font.cc       | 46 ++++++++++++++++-------------
 2 files changed, 63 insertions(+), 48 deletions(-)

diff --git a/src/hb-ot-cbdt-table.hh b/src/hb-ot-cbdt-table.hh
index dda42f257..3a7cc997d 100644
--- a/src/hb-ot-cbdt-table.hh
+++ b/src/hb-ot-cbdt-table.hh
@@ -72,32 +72,6 @@ struct SBitLineMetrics
   DEFINE_SIZE_STATIC(12);
 };
 
-struct BitmapSizeTable
-{
-  inline bool sanitize (hb_sanitize_context_t *c) const
-  {
-    TRACE_SANITIZE (this);
-    return_trace (c->check_struct (this) &&
-		  horizontal.sanitize (c) &&
-		  vertical.sanitize (c));
-  }
-
-  ULONG indexSubtableArrayOffset;
-  ULONG indexTablesSize;
-  ULONG numberOfIndexSubtables;
-  ULONG colorRef;
-  SBitLineMetrics horizontal;
-  SBitLineMetrics vertical;
-  USHORT startGlyphIndex;
-  USHORT endGlyphIndex;
-  BYTE ppemX;
-  BYTE ppemY;
-  BYTE bitDepth;
-  CHAR flags;
-
-  DEFINE_SIZE_STATIC(48);
-};
-
 /*
  * Index Subtables.
  */
@@ -142,6 +116,12 @@ struct GlyphBitmapDataFormat17
 
 struct IndexSubtableArray
 {
+  inline bool sanitize (hb_sanitize_context_t *c, unsigned int count) const
+  {
+    TRACE_SANITIZE (this);
+    return_trace (c->check_struct (this)); // XXX
+  }
+
   public:
   const IndexSubtable* find_table (hb_codepoint_t glyph, unsigned int numTables) const
   {
@@ -158,6 +138,37 @@ struct IndexSubtableArray
 
   protected:
   IndexSubtable indexSubtablesZ[VAR];
+
+  public:
+  DEFINE_SIZE_ARRAY(0, indexSubtablesZ);
+};
+
+struct BitmapSizeTable
+{
+  inline bool sanitize (hb_sanitize_context_t *c, const void *base) const
+  {
+    TRACE_SANITIZE (this);
+    return_trace (c->check_struct (this) &&
+		  indexSubtableArrayOffset.sanitize (c, base, numberOfIndexSubtables) &&
+		  c->check_range (&(base+indexSubtableArrayOffset), indexTablesSize) &&
+		  horizontal.sanitize (c) &&
+		  vertical.sanitize (c));
+  }
+
+  OffsetTo<IndexSubtableArray, ULONG> indexSubtableArrayOffset;
+  ULONG indexTablesSize;
+  ULONG numberOfIndexSubtables;
+  ULONG colorRef;
+  SBitLineMetrics horizontal;
+  SBitLineMetrics vertical;
+  USHORT startGlyphIndex;
+  USHORT endGlyphIndex;
+  BYTE ppemX;
+  BYTE ppemY;
+  BYTE bitDepth;
+  CHAR flags;
+
+  DEFINE_SIZE_STATIC(48);
 };
 
 /*
@@ -175,7 +186,7 @@ struct CBLC
     TRACE_SANITIZE (this);
     return_trace (c->check_struct (this) &&
 		  likely (version.major == 2 || version.major == 3) &&
-		  sizeTables.sanitize (c));
+		  sizeTables.sanitize (c, this));
   }
 
   public:
diff --git a/src/hb-ot-font.cc b/src/hb-ot-font.cc
index 25a1ef6c3..2d1cf09a7 100644
--- a/src/hb-ot-font.cc
+++ b/src/hb-ot-font.cc
@@ -262,30 +262,34 @@ struct hb_ot_face_cbdt_accelerator_t
             OT::StructAtOffset<OT::IndexSubHeader> (this->cblc, offsetToSubtable);
 
     unsigned int imageDataOffset = header.imageDataOffset;
-    switch (header.indexFormat) {
-      case 1: {
-        const OT::IndexSubtableFormat1& format1 =
-            OT::StructAtOffset<OT::IndexSubtableFormat1> (this->cblc, offsetToSubtable);
-        imageDataOffset += format1.offsetArrayZ[glyph - subtable->firstGlyphIndex];
-        switch (header.imageFormat) {
-          case 17: {
-            const OT::GlyphBitmapDataFormat17& glyphFormat17 =
-                OT::StructAtOffset<OT::GlyphBitmapDataFormat17> (this->cbdt, imageDataOffset);
-            extents->x_bearing = glyphFormat17.glyphMetrics.bearingX;
-            extents->y_bearing = glyphFormat17.glyphMetrics.bearingY;
-            extents->width = glyphFormat17.glyphMetrics.width;
-            extents->height = -glyphFormat17.glyphMetrics.height;
-          }
-          break;
-          default:
-            // TODO: Support other image formats.
-            return false;
-        }
+    switch (header.indexFormat)
+    {
+      case 1:
+	{
+	  const OT::IndexSubtableFormat1& format1 =
+	      OT::StructAtOffset<OT::IndexSubtableFormat1> (this->cblc, offsetToSubtable);
+	  imageDataOffset += format1.offsetArrayZ[glyph - subtable->firstGlyphIndex];
+	}
+	break;
+      default:
+	// TODO: Support other index subtable format.
+	return false;
+    }
+
+    switch (header.imageFormat)
+    {
+      case 17: {
+	const OT::GlyphBitmapDataFormat17& glyphFormat17 =
+	    OT::StructAtOffset<OT::GlyphBitmapDataFormat17> (this->cbdt, imageDataOffset);
+	extents->x_bearing = glyphFormat17.glyphMetrics.bearingX;
+	extents->y_bearing = glyphFormat17.glyphMetrics.bearingY;
+	extents->width = glyphFormat17.glyphMetrics.width;
+	extents->height = -glyphFormat17.glyphMetrics.height;
       }
       break;
       default:
-        // TODO: Support other index subtable format.
-        return false;
+	// TODO: Support other image formats.
+	return false;
     }
 
     /* Convert to the font units. */