Make sanitize() a const method

This makes a lot of code safer.  We only try modifying the object in one
place, after making sure it's safe to do so.  So, do a const_cast<> in
that one place...
This commit is contained in:
Behdad Esfahbod 2015-02-17 17:27:44 +03:00
parent 6759ed95a3
commit de2118ed7a
14 changed files with 296 additions and 160 deletions

View File

@ -53,7 +53,8 @@ struct TTCHeader;
typedef struct TableRecord typedef struct TableRecord
{ {
inline bool sanitize (hb_sanitize_context_t *c) { inline bool sanitize (hb_sanitize_context_t *c) const
{
TRACE_SANITIZE (this); TRACE_SANITIZE (this);
return TRACE_RETURN (c->check_struct (this)); return TRACE_RETURN (c->check_struct (this));
} }
@ -102,7 +103,8 @@ typedef struct OffsetTable
} }
public: public:
inline bool sanitize (hb_sanitize_context_t *c) { inline bool sanitize (hb_sanitize_context_t *c) const
{
TRACE_SANITIZE (this); TRACE_SANITIZE (this);
return TRACE_RETURN (c->check_struct (this) && c->check_array (tables, TableRecord::static_size, numTables)); return TRACE_RETURN (c->check_struct (this) && c->check_array (tables, TableRecord::static_size, numTables));
} }
@ -130,7 +132,8 @@ struct TTCHeaderVersion1
inline unsigned int get_face_count (void) const { return table.len; } inline unsigned int get_face_count (void) const { return table.len; }
inline const OpenTypeFontFace& get_face (unsigned int i) const { return this+table[i]; } inline const OpenTypeFontFace& get_face (unsigned int i) const { return this+table[i]; }
inline bool sanitize (hb_sanitize_context_t *c) { inline bool sanitize (hb_sanitize_context_t *c) const
{
TRACE_SANITIZE (this); TRACE_SANITIZE (this);
return TRACE_RETURN (table.sanitize (c, this)); return TRACE_RETURN (table.sanitize (c, this));
} }
@ -169,7 +172,8 @@ struct TTCHeader
} }
} }
inline bool sanitize (hb_sanitize_context_t *c) { inline bool sanitize (hb_sanitize_context_t *c) const
{
TRACE_SANITIZE (this); TRACE_SANITIZE (this);
if (unlikely (!u.header.version.sanitize (c))) return TRACE_RETURN (false); if (unlikely (!u.header.version.sanitize (c))) return TRACE_RETURN (false);
switch (u.header.version.major) { switch (u.header.version.major) {
@ -233,7 +237,8 @@ struct OpenTypeFontFile
} }
} }
inline bool sanitize (hb_sanitize_context_t *c) { inline bool sanitize (hb_sanitize_context_t *c) const
{
TRACE_SANITIZE (this); TRACE_SANITIZE (this);
if (unlikely (!u.tag.sanitize (c))) return TRACE_RETURN (false); if (unlikely (!u.tag.sanitize (c))) return TRACE_RETURN (false);
switch (u.tag) { switch (u.tag) {

View File

@ -270,9 +270,9 @@ struct hb_sanitize_context_t
} }
template <typename Type, typename ValueType> template <typename Type, typename ValueType>
inline bool try_set (Type *obj, const ValueType &v) { inline bool try_set (const Type *obj, const ValueType &v) {
if (this->may_edit (obj, obj->static_size)) { if (this->may_edit (obj, obj->static_size)) {
obj->set (v); const_cast<Type *> (obj)->set (v);
return true; return true;
} }
return false; return false;
@ -619,7 +619,8 @@ struct IntType
static inline int cmp (const IntType<Type,Size> *a, const IntType<Type,Size> *b) { return b->cmp (*a); } static inline int cmp (const IntType<Type,Size> *a, const IntType<Type,Size> *b) { return b->cmp (*a); }
inline int cmp (IntType<Type,Size> va) const { Type a = va; Type b = v; return a < b ? -1 : a == b ? 0 : +1; } inline int cmp (IntType<Type,Size> va) const { Type a = va; Type b = v; return a < b ? -1 : a == b ? 0 : +1; }
inline int cmp (Type a) const { Type b = v; return a < b ? -1 : a == b ? 0 : +1; } inline int cmp (Type a) const { Type b = v; return a < b ? -1 : a == b ? 0 : +1; }
inline bool sanitize (hb_sanitize_context_t *c) { inline bool sanitize (hb_sanitize_context_t *c) const
{
TRACE_SANITIZE (this); TRACE_SANITIZE (this);
return TRACE_RETURN (likely (c->check_struct (this))); return TRACE_RETURN (likely (c->check_struct (this)));
} }
@ -646,7 +647,8 @@ typedef USHORT UFWORD;
* 1904. The value is represented as a signed 64-bit integer. */ * 1904. The value is represented as a signed 64-bit integer. */
struct LONGDATETIME struct LONGDATETIME
{ {
inline bool sanitize (hb_sanitize_context_t *c) { inline bool sanitize (hb_sanitize_context_t *c) const
{
TRACE_SANITIZE (this); TRACE_SANITIZE (this);
return TRACE_RETURN (likely (c->check_struct (this))); return TRACE_RETURN (likely (c->check_struct (this)));
} }
@ -719,7 +721,8 @@ struct FixedVersion
{ {
inline uint32_t to_int (void) const { return (major << 16) + minor; } inline uint32_t to_int (void) const { return (major << 16) + minor; }
inline bool sanitize (hb_sanitize_context_t *c) { inline bool sanitize (hb_sanitize_context_t *c) const
{
TRACE_SANITIZE (this); TRACE_SANITIZE (this);
return TRACE_RETURN (c->check_struct (this)); return TRACE_RETURN (c->check_struct (this));
} }
@ -747,33 +750,35 @@ struct OffsetTo : Offset<OffsetType>
return StructAtOffset<Type> (base, offset); return StructAtOffset<Type> (base, offset);
} }
inline Type& serialize (hb_serialize_context_t *c, void *base) inline Type& serialize (hb_serialize_context_t *c, const void *base)
{ {
Type *t = c->start_embed<Type> (); Type *t = c->start_embed<Type> ();
this->set ((char *) t - (char *) base); /* TODO(serialize) Overflow? */ this->set ((char *) t - (char *) base); /* TODO(serialize) Overflow? */
return *t; return *t;
} }
inline bool sanitize (hb_sanitize_context_t *c, void *base) { inline bool sanitize (hb_sanitize_context_t *c, const void *base) const
{
TRACE_SANITIZE (this); TRACE_SANITIZE (this);
if (unlikely (!c->check_struct (this))) return TRACE_RETURN (false); if (unlikely (!c->check_struct (this))) return TRACE_RETURN (false);
unsigned int offset = *this; unsigned int offset = *this;
if (unlikely (!offset)) return TRACE_RETURN (true); if (unlikely (!offset)) return TRACE_RETURN (true);
Type &obj = StructAtOffset<Type> (base, offset); const Type &obj = StructAtOffset<Type> (base, offset);
return TRACE_RETURN (likely (obj.sanitize (c)) || neuter (c)); return TRACE_RETURN (likely (obj.sanitize (c)) || neuter (c));
} }
template <typename T> template <typename T>
inline bool sanitize (hb_sanitize_context_t *c, void *base, T user_data) { inline bool sanitize (hb_sanitize_context_t *c, const void *base, T user_data) const
{
TRACE_SANITIZE (this); TRACE_SANITIZE (this);
if (unlikely (!c->check_struct (this))) return TRACE_RETURN (false); if (unlikely (!c->check_struct (this))) return TRACE_RETURN (false);
unsigned int offset = *this; unsigned int offset = *this;
if (unlikely (!offset)) return TRACE_RETURN (true); if (unlikely (!offset)) return TRACE_RETURN (true);
Type &obj = StructAtOffset<Type> (base, offset); const Type &obj = StructAtOffset<Type> (base, offset);
return TRACE_RETURN (likely (obj.sanitize (c, user_data)) || neuter (c)); return TRACE_RETURN (likely (obj.sanitize (c, user_data)) || neuter (c));
} }
/* Set the offset to Null */ /* Set the offset to Null */
inline bool neuter (hb_sanitize_context_t *c) { inline bool neuter (hb_sanitize_context_t *c) const {
return c->try_set (this, 0); return c->try_set (this, 0);
} }
DEFINE_SIZE_STATIC (sizeof(OffsetType)); DEFINE_SIZE_STATIC (sizeof(OffsetType));
@ -838,7 +843,8 @@ struct ArrayOf
return TRACE_RETURN (true); return TRACE_RETURN (true);
} }
inline bool sanitize (hb_sanitize_context_t *c) { inline bool sanitize (hb_sanitize_context_t *c) const
{
TRACE_SANITIZE (this); TRACE_SANITIZE (this);
if (unlikely (!sanitize_shallow (c))) return TRACE_RETURN (false); if (unlikely (!sanitize_shallow (c))) return TRACE_RETURN (false);
@ -853,7 +859,8 @@ struct ArrayOf
return TRACE_RETURN (true); return TRACE_RETURN (true);
} }
inline bool sanitize (hb_sanitize_context_t *c, void *base) { inline bool sanitize (hb_sanitize_context_t *c, const void *base) const
{
TRACE_SANITIZE (this); TRACE_SANITIZE (this);
if (unlikely (!sanitize_shallow (c))) return TRACE_RETURN (false); if (unlikely (!sanitize_shallow (c))) return TRACE_RETURN (false);
unsigned int count = len; unsigned int count = len;
@ -863,7 +870,8 @@ struct ArrayOf
return TRACE_RETURN (true); return TRACE_RETURN (true);
} }
template <typename T> template <typename T>
inline bool sanitize (hb_sanitize_context_t *c, void *base, T user_data) { inline bool sanitize (hb_sanitize_context_t *c, const void *base, T user_data) const
{
TRACE_SANITIZE (this); TRACE_SANITIZE (this);
if (unlikely (!sanitize_shallow (c))) return TRACE_RETURN (false); if (unlikely (!sanitize_shallow (c))) return TRACE_RETURN (false);
unsigned int count = len; unsigned int count = len;
@ -884,7 +892,8 @@ struct ArrayOf
} }
private: private:
inline bool sanitize_shallow (hb_sanitize_context_t *c) { inline bool sanitize_shallow (hb_sanitize_context_t *c) const
{
TRACE_SANITIZE (this); TRACE_SANITIZE (this);
return TRACE_RETURN (c->check_struct (this) && c->check_array (this, Type::static_size, len)); return TRACE_RETURN (c->check_struct (this) && c->check_array (this, Type::static_size, len));
} }
@ -910,12 +919,14 @@ struct OffsetListOf : OffsetArrayOf<Type>
return this+this->array[i]; return this+this->array[i];
} }
inline bool sanitize (hb_sanitize_context_t *c) { inline bool sanitize (hb_sanitize_context_t *c) const
{
TRACE_SANITIZE (this); TRACE_SANITIZE (this);
return TRACE_RETURN (OffsetArrayOf<Type>::sanitize (c, this)); return TRACE_RETURN (OffsetArrayOf<Type>::sanitize (c, this));
} }
template <typename T> template <typename T>
inline bool sanitize (hb_sanitize_context_t *c, T user_data) { inline bool sanitize (hb_sanitize_context_t *c, T user_data) const
{
TRACE_SANITIZE (this); TRACE_SANITIZE (this);
return TRACE_RETURN (OffsetArrayOf<Type>::sanitize (c, this, user_data)); return TRACE_RETURN (OffsetArrayOf<Type>::sanitize (c, this, user_data));
} }
@ -949,12 +960,14 @@ struct HeadlessArrayOf
return TRACE_RETURN (true); return TRACE_RETURN (true);
} }
inline bool sanitize_shallow (hb_sanitize_context_t *c) { inline bool sanitize_shallow (hb_sanitize_context_t *c) const
{
return c->check_struct (this) return c->check_struct (this)
&& c->check_array (this, Type::static_size, len); && c->check_array (this, Type::static_size, len);
} }
inline bool sanitize (hb_sanitize_context_t *c) { inline bool sanitize (hb_sanitize_context_t *c) const
{
TRACE_SANITIZE (this); TRACE_SANITIZE (this);
if (unlikely (!sanitize_shallow (c))) return TRACE_RETURN (false); if (unlikely (!sanitize_shallow (c))) return TRACE_RETURN (false);

View File

@ -51,7 +51,8 @@ struct CmapSubtableFormat0
return true; return true;
} }
inline bool sanitize (hb_sanitize_context_t *c) { inline bool sanitize (hb_sanitize_context_t *c) const
{
TRACE_SANITIZE (this); TRACE_SANITIZE (this);
return TRACE_RETURN (c->check_struct (this)); return TRACE_RETURN (c->check_struct (this));
} }
@ -125,7 +126,7 @@ struct CmapSubtableFormat4
return true; return true;
} }
inline bool sanitize (hb_sanitize_context_t *c) inline bool sanitize (hb_sanitize_context_t *c) const
{ {
TRACE_SANITIZE (this); TRACE_SANITIZE (this);
if (unlikely (!c->check_struct (this))) if (unlikely (!c->check_struct (this)))
@ -183,7 +184,8 @@ struct CmapSubtableLongGroup
return 0; return 0;
} }
inline bool sanitize (hb_sanitize_context_t *c) { inline bool sanitize (hb_sanitize_context_t *c) const
{
TRACE_SANITIZE (this); TRACE_SANITIZE (this);
return TRACE_RETURN (c->check_struct (this)); return TRACE_RETURN (c->check_struct (this));
} }
@ -210,7 +212,8 @@ struct CmapSubtableTrimmed
return true; return true;
} }
inline bool sanitize (hb_sanitize_context_t *c) { inline bool sanitize (hb_sanitize_context_t *c) const
{
TRACE_SANITIZE (this); TRACE_SANITIZE (this);
return TRACE_RETURN (c->check_struct (this) && glyphIdArray.sanitize (c)); return TRACE_RETURN (c->check_struct (this) && glyphIdArray.sanitize (c));
} }
@ -242,7 +245,8 @@ struct CmapSubtableLongSegmented
return true; return true;
} }
inline bool sanitize (hb_sanitize_context_t *c) { inline bool sanitize (hb_sanitize_context_t *c) const
{
TRACE_SANITIZE (this); TRACE_SANITIZE (this);
return TRACE_RETURN (c->check_struct (this) && groups.sanitize (c)); return TRACE_RETURN (c->check_struct (this) && groups.sanitize (c));
} }
@ -288,7 +292,8 @@ struct UnicodeValueRange
return 0; return 0;
} }
inline bool sanitize (hb_sanitize_context_t *c) { inline bool sanitize (hb_sanitize_context_t *c) const
{
TRACE_SANITIZE (this); TRACE_SANITIZE (this);
return TRACE_RETURN (c->check_struct (this)); return TRACE_RETURN (c->check_struct (this));
} }
@ -309,7 +314,8 @@ struct UVSMapping
return unicodeValue.cmp (codepoint); return unicodeValue.cmp (codepoint);
} }
inline bool sanitize (hb_sanitize_context_t *c) { inline bool sanitize (hb_sanitize_context_t *c) const
{
TRACE_SANITIZE (this); TRACE_SANITIZE (this);
return TRACE_RETURN (c->check_struct (this)); return TRACE_RETURN (c->check_struct (this));
} }
@ -348,7 +354,8 @@ struct VariationSelectorRecord
return varSelector.cmp (variation_selector); return varSelector.cmp (variation_selector);
} }
inline bool sanitize (hb_sanitize_context_t *c, void *base) { inline bool sanitize (hb_sanitize_context_t *c, const void *base) const
{
TRACE_SANITIZE (this); TRACE_SANITIZE (this);
return TRACE_RETURN (c->check_struct (this) && return TRACE_RETURN (c->check_struct (this) &&
defaultUVS.sanitize (c, base) && defaultUVS.sanitize (c, base) &&
@ -373,7 +380,8 @@ struct CmapSubtableFormat14
return record[record.bsearch(variation_selector)].get_glyph (codepoint, glyph, this); return record[record.bsearch(variation_selector)].get_glyph (codepoint, glyph, this);
} }
inline bool sanitize (hb_sanitize_context_t *c) { inline bool sanitize (hb_sanitize_context_t *c) const
{
TRACE_SANITIZE (this); TRACE_SANITIZE (this);
return TRACE_RETURN (c->check_struct (this) && return TRACE_RETURN (c->check_struct (this) &&
record.sanitize (c, this)); record.sanitize (c, this));
@ -418,7 +426,8 @@ struct CmapSubtable
} }
} }
inline bool sanitize (hb_sanitize_context_t *c) { inline bool sanitize (hb_sanitize_context_t *c) const
{
TRACE_SANITIZE (this); TRACE_SANITIZE (this);
if (!u.format.sanitize (c)) return TRACE_RETURN (false); if (!u.format.sanitize (c)) return TRACE_RETURN (false);
switch (u.format) { switch (u.format) {
@ -461,7 +470,8 @@ struct EncodingRecord
return 0; return 0;
} }
inline bool sanitize (hb_sanitize_context_t *c, void *base) { inline bool sanitize (hb_sanitize_context_t *c, const void *base) const
{
TRACE_SANITIZE (this); TRACE_SANITIZE (this);
return TRACE_RETURN (c->check_struct (this) && return TRACE_RETURN (c->check_struct (this) &&
subtable.sanitize (c, base)); subtable.sanitize (c, base));
@ -496,7 +506,8 @@ struct cmap
return &(this+encodingRecord[result].subtable); return &(this+encodingRecord[result].subtable);
} }
inline bool sanitize (hb_sanitize_context_t *c) { inline bool sanitize (hb_sanitize_context_t *c) const
{
TRACE_SANITIZE (this); TRACE_SANITIZE (this);
return TRACE_RETURN (c->check_struct (this) && return TRACE_RETURN (c->check_struct (this) &&
likely (version == 0) && likely (version == 0) &&

View File

@ -45,13 +45,15 @@ struct head
{ {
static const hb_tag_t tableTag = HB_OT_TAG_head; static const hb_tag_t tableTag = HB_OT_TAG_head;
inline unsigned int get_upem (void) const { inline unsigned int get_upem (void) const
{
unsigned int upem = unitsPerEm; unsigned int upem = unitsPerEm;
/* If no valid head table found, assume 1000, which matches typical Type1 usage. */ /* If no valid head table found, assume 1000, which matches typical Type1 usage. */
return 16 <= upem && upem <= 16384 ? upem : 1000; return 16 <= upem && upem <= 16384 ? upem : 1000;
} }
inline bool sanitize (hb_sanitize_context_t *c) { inline bool sanitize (hb_sanitize_context_t *c) const
{
TRACE_SANITIZE (this); TRACE_SANITIZE (this);
return TRACE_RETURN (c->check_struct (this) && likely (version.major == 1)); return TRACE_RETURN (c->check_struct (this) && likely (version.major == 1));
} }

View File

@ -49,7 +49,8 @@ struct _hea
static const hb_tag_t hheaTag = HB_OT_TAG_hhea; static const hb_tag_t hheaTag = HB_OT_TAG_hhea;
static const hb_tag_t vheaTag = HB_OT_TAG_vhea; static const hb_tag_t vheaTag = HB_OT_TAG_vhea;
inline bool sanitize (hb_sanitize_context_t *c) { inline bool sanitize (hb_sanitize_context_t *c) const
{
TRACE_SANITIZE (this); TRACE_SANITIZE (this);
return TRACE_RETURN (c->check_struct (this) && likely (version.major == 1)); return TRACE_RETURN (c->check_struct (this) && likely (version.major == 1));
} }

View File

@ -57,7 +57,8 @@ struct _mtx
static const hb_tag_t hmtxTag = HB_OT_TAG_hmtx; static const hb_tag_t hmtxTag = HB_OT_TAG_hmtx;
static const hb_tag_t vmtxTag = HB_OT_TAG_vmtx; static const hb_tag_t vmtxTag = HB_OT_TAG_vmtx;
inline bool sanitize (hb_sanitize_context_t *c) { inline bool sanitize (hb_sanitize_context_t *c) const
{
TRACE_SANITIZE (this); TRACE_SANITIZE (this);
/* We don't check for anything specific here. The users of the /* We don't check for anything specific here. The users of the
* struct do all the hard work... */ * struct do all the hard work... */

View File

@ -63,9 +63,10 @@ struct Record
struct sanitize_closure_t { struct sanitize_closure_t {
hb_tag_t tag; hb_tag_t tag;
void *list_base; const void *list_base;
}; };
inline bool sanitize (hb_sanitize_context_t *c, void *base) { inline bool sanitize (hb_sanitize_context_t *c, const void *base) const
{
TRACE_SANITIZE (this); TRACE_SANITIZE (this);
const sanitize_closure_t closure = {tag, base}; const sanitize_closure_t closure = {tag, base};
return TRACE_RETURN (c->check_struct (this) && offset.sanitize (c, base, &closure)); return TRACE_RETURN (c->check_struct (this) && offset.sanitize (c, base, &closure));
@ -121,7 +122,8 @@ struct RecordListOf : RecordArrayOf<Type>
inline const Type& operator [] (unsigned int i) const inline const Type& operator [] (unsigned int i) const
{ return this+RecordArrayOf<Type>::operator [](i).offset; } { return this+RecordArrayOf<Type>::operator [](i).offset; }
inline bool sanitize (hb_sanitize_context_t *c) { inline bool sanitize (hb_sanitize_context_t *c) const
{
TRACE_SANITIZE (this); TRACE_SANITIZE (this);
return TRACE_RETURN (RecordArrayOf<Type>::sanitize (c, this)); return TRACE_RETURN (RecordArrayOf<Type>::sanitize (c, this));
} }
@ -134,7 +136,8 @@ struct RangeRecord
return g < start ? -1 : g <= end ? 0 : +1 ; return g < start ? -1 : g <= end ? 0 : +1 ;
} }
inline bool sanitize (hb_sanitize_context_t *c) { inline bool sanitize (hb_sanitize_context_t *c) const
{
TRACE_SANITIZE (this); TRACE_SANITIZE (this);
return TRACE_RETURN (c->check_struct (this)); return TRACE_RETURN (c->check_struct (this));
} }
@ -199,7 +202,8 @@ struct LangSys
} }
inline bool sanitize (hb_sanitize_context_t *c, inline bool sanitize (hb_sanitize_context_t *c,
const Record<LangSys>::sanitize_closure_t * = NULL) { const Record<LangSys>::sanitize_closure_t * = NULL) const
{
TRACE_SANITIZE (this); TRACE_SANITIZE (this);
return TRACE_RETURN (c->check_struct (this) && featureIndex.sanitize (c)); return TRACE_RETURN (c->check_struct (this) && featureIndex.sanitize (c));
} }
@ -238,7 +242,8 @@ struct Script
inline const LangSys& get_default_lang_sys (void) const { return this+defaultLangSys; } inline const LangSys& get_default_lang_sys (void) const { return this+defaultLangSys; }
inline bool sanitize (hb_sanitize_context_t *c, inline bool sanitize (hb_sanitize_context_t *c,
const Record<Script>::sanitize_closure_t * = NULL) { const Record<Script>::sanitize_closure_t * = NULL) const
{
TRACE_SANITIZE (this); TRACE_SANITIZE (this);
return TRACE_RETURN (defaultLangSys.sanitize (c, this) && langSys.sanitize (c, this)); return TRACE_RETURN (defaultLangSys.sanitize (c, this) && langSys.sanitize (c, this));
} }
@ -260,7 +265,8 @@ typedef RecordListOf<Script> ScriptList;
/* http://www.microsoft.com/typography/otspec/features_pt.htm#size */ /* http://www.microsoft.com/typography/otspec/features_pt.htm#size */
struct FeatureParamsSize struct FeatureParamsSize
{ {
inline bool sanitize (hb_sanitize_context_t *c) { inline bool sanitize (hb_sanitize_context_t *c) const
{
TRACE_SANITIZE (this); TRACE_SANITIZE (this);
if (unlikely (!c->check_struct (this))) return TRACE_RETURN (false); if (unlikely (!c->check_struct (this))) return TRACE_RETURN (false);
@ -371,7 +377,8 @@ struct FeatureParamsSize
/* http://www.microsoft.com/typography/otspec/features_pt.htm#ssxx */ /* http://www.microsoft.com/typography/otspec/features_pt.htm#ssxx */
struct FeatureParamsStylisticSet struct FeatureParamsStylisticSet
{ {
inline bool sanitize (hb_sanitize_context_t *c) { inline bool sanitize (hb_sanitize_context_t *c) const
{
TRACE_SANITIZE (this); TRACE_SANITIZE (this);
/* Right now minorVersion is at zero. Which means, any table supports /* Right now minorVersion is at zero. Which means, any table supports
* the uiNameID field. */ * the uiNameID field. */
@ -404,7 +411,8 @@ struct FeatureParamsStylisticSet
/* http://www.microsoft.com/typography/otspec/features_ae.htm#cv01-cv99 */ /* http://www.microsoft.com/typography/otspec/features_ae.htm#cv01-cv99 */
struct FeatureParamsCharacterVariants struct FeatureParamsCharacterVariants
{ {
inline bool sanitize (hb_sanitize_context_t *c) { inline bool sanitize (hb_sanitize_context_t *c) const
{
TRACE_SANITIZE (this); TRACE_SANITIZE (this);
return TRACE_RETURN (c->check_struct (this) && return TRACE_RETURN (c->check_struct (this) &&
characters.sanitize (c)); characters.sanitize (c));
@ -444,7 +452,8 @@ struct FeatureParamsCharacterVariants
struct FeatureParams struct FeatureParams
{ {
inline bool sanitize (hb_sanitize_context_t *c, hb_tag_t tag) { inline bool sanitize (hb_sanitize_context_t *c, hb_tag_t tag) const
{
TRACE_SANITIZE (this); TRACE_SANITIZE (this);
if (tag == HB_TAG ('s','i','z','e')) if (tag == HB_TAG ('s','i','z','e'))
return TRACE_RETURN (u.size.sanitize (c)); return TRACE_RETURN (u.size.sanitize (c));
@ -486,7 +495,8 @@ struct Feature
{ return this+featureParams; } { return this+featureParams; }
inline bool sanitize (hb_sanitize_context_t *c, inline bool sanitize (hb_sanitize_context_t *c,
const Record<Feature>::sanitize_closure_t *closure) { const Record<Feature>::sanitize_closure_t *closure) const
{
TRACE_SANITIZE (this); TRACE_SANITIZE (this);
if (unlikely (!(c->check_struct (this) && lookupIndex.sanitize (c)))) if (unlikely (!(c->check_struct (this) && lookupIndex.sanitize (c))))
return TRACE_RETURN (false); return TRACE_RETURN (false);
@ -595,13 +605,14 @@ struct Lookup
return TRACE_RETURN (true); return TRACE_RETURN (true);
} }
inline bool sanitize (hb_sanitize_context_t *c) { inline bool sanitize (hb_sanitize_context_t *c) const
{
TRACE_SANITIZE (this); TRACE_SANITIZE (this);
/* Real sanitize of the subtables is done by GSUB/GPOS/... */ /* Real sanitize of the subtables is done by GSUB/GPOS/... */
if (!(c->check_struct (this) && subTable.sanitize (c))) return TRACE_RETURN (false); if (!(c->check_struct (this) && subTable.sanitize (c))) return TRACE_RETURN (false);
if (lookupFlag & LookupFlag::UseMarkFilteringSet) if (lookupFlag & LookupFlag::UseMarkFilteringSet)
{ {
USHORT &markFilteringSet = StructAfter<USHORT> (subTable); const USHORT &markFilteringSet = StructAfter<USHORT> (subTable);
if (!markFilteringSet.sanitize (c)) return TRACE_RETURN (false); if (!markFilteringSet.sanitize (c)) return TRACE_RETURN (false);
} }
return TRACE_RETURN (true); return TRACE_RETURN (true);
@ -651,7 +662,8 @@ struct CoverageFormat1
return TRACE_RETURN (true); return TRACE_RETURN (true);
} }
inline bool sanitize (hb_sanitize_context_t *c) { inline bool sanitize (hb_sanitize_context_t *c) const
{
TRACE_SANITIZE (this); TRACE_SANITIZE (this);
return TRACE_RETURN (glyphArray.sanitize (c)); return TRACE_RETURN (glyphArray.sanitize (c));
} }
@ -737,7 +749,8 @@ struct CoverageFormat2
return TRACE_RETURN (true); return TRACE_RETURN (true);
} }
inline bool sanitize (hb_sanitize_context_t *c) { inline bool sanitize (hb_sanitize_context_t *c) const
{
TRACE_SANITIZE (this); TRACE_SANITIZE (this);
return TRACE_RETURN (rangeRecord.sanitize (c)); return TRACE_RETURN (rangeRecord.sanitize (c));
} }
@ -832,7 +845,8 @@ struct Coverage
} }
} }
inline bool sanitize (hb_sanitize_context_t *c) { inline bool sanitize (hb_sanitize_context_t *c) const
{
TRACE_SANITIZE (this); TRACE_SANITIZE (this);
if (!u.format.sanitize (c)) return TRACE_RETURN (false); if (!u.format.sanitize (c)) return TRACE_RETURN (false);
switch (u.format) { switch (u.format) {
@ -943,7 +957,8 @@ struct ClassDefFormat1
return 0; return 0;
} }
inline bool sanitize (hb_sanitize_context_t *c) { inline bool sanitize (hb_sanitize_context_t *c) const
{
TRACE_SANITIZE (this); TRACE_SANITIZE (this);
return TRACE_RETURN (c->check_struct (this) && classValue.sanitize (c)); return TRACE_RETURN (c->check_struct (this) && classValue.sanitize (c));
} }
@ -999,7 +1014,8 @@ struct ClassDefFormat2
return 0; return 0;
} }
inline bool sanitize (hb_sanitize_context_t *c) { inline bool sanitize (hb_sanitize_context_t *c) const
{
TRACE_SANITIZE (this); TRACE_SANITIZE (this);
return TRACE_RETURN (rangeRecord.sanitize (c)); return TRACE_RETURN (rangeRecord.sanitize (c));
} }
@ -1056,7 +1072,8 @@ struct ClassDef
} }
} }
inline bool sanitize (hb_sanitize_context_t *c) { inline bool sanitize (hb_sanitize_context_t *c) const
{
TRACE_SANITIZE (this); TRACE_SANITIZE (this);
if (!u.format.sanitize (c)) return TRACE_RETURN (false); if (!u.format.sanitize (c)) return TRACE_RETURN (false);
switch (u.format) { switch (u.format) {
@ -1148,7 +1165,8 @@ struct Device
return USHORT::static_size * (4 + ((endSize - startSize) >> (4 - f))); return USHORT::static_size * (4 + ((endSize - startSize) >> (4 - f)));
} }
inline bool sanitize (hb_sanitize_context_t *c) { inline bool sanitize (hb_sanitize_context_t *c) const
{
TRACE_SANITIZE (this); TRACE_SANITIZE (this);
return TRACE_RETURN (c->check_struct (this) && c->check_range (this, this->get_size ())); return TRACE_RETURN (c->check_struct (this) && c->check_range (this, this->get_size ()));
} }

View File

@ -71,7 +71,8 @@ struct AttachList
return points.len; return points.len;
} }
inline bool sanitize (hb_sanitize_context_t *c) { inline bool sanitize (hb_sanitize_context_t *c) const
{
TRACE_SANITIZE (this); TRACE_SANITIZE (this);
return TRACE_RETURN (coverage.sanitize (c, this) && attachPoint.sanitize (c, this)); return TRACE_RETURN (coverage.sanitize (c, this) && attachPoint.sanitize (c, this));
} }
@ -101,7 +102,8 @@ struct CaretValueFormat1
return HB_DIRECTION_IS_HORIZONTAL (direction) ? font->em_scale_x (coordinate) : font->em_scale_y (coordinate); return HB_DIRECTION_IS_HORIZONTAL (direction) ? font->em_scale_x (coordinate) : font->em_scale_y (coordinate);
} }
inline bool sanitize (hb_sanitize_context_t *c) { inline bool sanitize (hb_sanitize_context_t *c) const
{
TRACE_SANITIZE (this); TRACE_SANITIZE (this);
return TRACE_RETURN (c->check_struct (this)); return TRACE_RETURN (c->check_struct (this));
} }
@ -127,7 +129,8 @@ struct CaretValueFormat2
return 0; return 0;
} }
inline bool sanitize (hb_sanitize_context_t *c) { inline bool sanitize (hb_sanitize_context_t *c) const
{
TRACE_SANITIZE (this); TRACE_SANITIZE (this);
return TRACE_RETURN (c->check_struct (this)); return TRACE_RETURN (c->check_struct (this));
} }
@ -150,7 +153,8 @@ struct CaretValueFormat3
font->em_scale_y (coordinate) + (this+deviceTable).get_y_delta (font); font->em_scale_y (coordinate) + (this+deviceTable).get_y_delta (font);
} }
inline bool sanitize (hb_sanitize_context_t *c) { inline bool sanitize (hb_sanitize_context_t *c) const
{
TRACE_SANITIZE (this); TRACE_SANITIZE (this);
return TRACE_RETURN (c->check_struct (this) && deviceTable.sanitize (c, this)); return TRACE_RETURN (c->check_struct (this) && deviceTable.sanitize (c, this));
} }
@ -178,7 +182,8 @@ struct CaretValue
} }
} }
inline bool sanitize (hb_sanitize_context_t *c) { inline bool sanitize (hb_sanitize_context_t *c) const
{
TRACE_SANITIZE (this); TRACE_SANITIZE (this);
if (!u.format.sanitize (c)) return TRACE_RETURN (false); if (!u.format.sanitize (c)) return TRACE_RETURN (false);
switch (u.format) { switch (u.format) {
@ -219,7 +224,8 @@ struct LigGlyph
return carets.len; return carets.len;
} }
inline bool sanitize (hb_sanitize_context_t *c) { inline bool sanitize (hb_sanitize_context_t *c) const
{
TRACE_SANITIZE (this); TRACE_SANITIZE (this);
return TRACE_RETURN (carets.sanitize (c, this)); return TRACE_RETURN (carets.sanitize (c, this));
} }
@ -253,7 +259,8 @@ struct LigCaretList
return lig_glyph.get_lig_carets (font, direction, glyph_id, start_offset, caret_count, caret_array); return lig_glyph.get_lig_carets (font, direction, glyph_id, start_offset, caret_count, caret_array);
} }
inline bool sanitize (hb_sanitize_context_t *c) { inline bool sanitize (hb_sanitize_context_t *c) const
{
TRACE_SANITIZE (this); TRACE_SANITIZE (this);
return TRACE_RETURN (coverage.sanitize (c, this) && ligGlyph.sanitize (c, this)); return TRACE_RETURN (coverage.sanitize (c, this) && ligGlyph.sanitize (c, this));
} }
@ -275,7 +282,8 @@ struct MarkGlyphSetsFormat1
inline bool covers (unsigned int set_index, hb_codepoint_t glyph_id) const inline bool covers (unsigned int set_index, hb_codepoint_t glyph_id) const
{ return (this+coverage[set_index]).get_coverage (glyph_id) != NOT_COVERED; } { return (this+coverage[set_index]).get_coverage (glyph_id) != NOT_COVERED; }
inline bool sanitize (hb_sanitize_context_t *c) { inline bool sanitize (hb_sanitize_context_t *c) const
{
TRACE_SANITIZE (this); TRACE_SANITIZE (this);
return TRACE_RETURN (coverage.sanitize (c, this)); return TRACE_RETURN (coverage.sanitize (c, this));
} }
@ -299,7 +307,8 @@ struct MarkGlyphSets
} }
} }
inline bool sanitize (hb_sanitize_context_t *c) { inline bool sanitize (hb_sanitize_context_t *c) const
{
TRACE_SANITIZE (this); TRACE_SANITIZE (this);
if (!u.format.sanitize (c)) return TRACE_RETURN (false); if (!u.format.sanitize (c)) return TRACE_RETURN (false);
switch (u.format) { switch (u.format) {
@ -364,7 +373,8 @@ struct GDEF
inline bool mark_set_covers (unsigned int set_index, hb_codepoint_t glyph_id) const inline bool mark_set_covers (unsigned int set_index, hb_codepoint_t glyph_id) const
{ return version.to_int () >= 0x00010002u && (this+markGlyphSetsDef[0]).covers (set_index, glyph_id); } { return version.to_int () >= 0x00010002u && (this+markGlyphSetsDef[0]).covers (set_index, glyph_id); }
inline bool sanitize (hb_sanitize_context_t *c) { inline bool sanitize (hb_sanitize_context_t *c) const
{
TRACE_SANITIZE (this); TRACE_SANITIZE (this);
return TRACE_RETURN (version.sanitize (c) && return TRACE_RETURN (version.sanitize (c) &&
likely (version.major == 1) && likely (version.major == 1) &&

View File

@ -146,7 +146,8 @@ struct ValueFormat : USHORT
} }
private: private:
inline bool sanitize_value_devices (hb_sanitize_context_t *c, void *base, Value *values) { inline bool sanitize_value_devices (hb_sanitize_context_t *c, const void *base, const Value *values) const
{
unsigned int format = *this; unsigned int format = *this;
if (format & xPlacement) values++; if (format & xPlacement) values++;
@ -177,12 +178,14 @@ struct ValueFormat : USHORT
return (format & devices) != 0; return (format & devices) != 0;
} }
inline bool sanitize_value (hb_sanitize_context_t *c, void *base, Value *values) { inline bool sanitize_value (hb_sanitize_context_t *c, const void *base, const Value *values) const
{
TRACE_SANITIZE (this); TRACE_SANITIZE (this);
return TRACE_RETURN (c->check_range (values, get_size ()) && (!has_device () || sanitize_value_devices (c, base, values))); return TRACE_RETURN (c->check_range (values, get_size ()) && (!has_device () || sanitize_value_devices (c, base, values)));
} }
inline bool sanitize_values (hb_sanitize_context_t *c, void *base, Value *values, unsigned int count) { inline bool sanitize_values (hb_sanitize_context_t *c, const void *base, const Value *values, unsigned int count) const
{
TRACE_SANITIZE (this); TRACE_SANITIZE (this);
unsigned int len = get_len (); unsigned int len = get_len ();
@ -200,7 +203,8 @@ struct ValueFormat : USHORT
} }
/* Just sanitize referenced Device tables. Doesn't check the values themselves. */ /* Just sanitize referenced Device tables. Doesn't check the values themselves. */
inline bool sanitize_values_stride_unsafe (hb_sanitize_context_t *c, void *base, Value *values, unsigned int count, unsigned int stride) { inline bool sanitize_values_stride_unsafe (hb_sanitize_context_t *c, const void *base, const Value *values, unsigned int count, unsigned int stride) const
{
TRACE_SANITIZE (this); TRACE_SANITIZE (this);
if (!has_device ()) return TRACE_RETURN (true); if (!has_device ()) return TRACE_RETURN (true);
@ -225,7 +229,8 @@ struct AnchorFormat1
*y = font->em_scale_y (yCoordinate); *y = font->em_scale_y (yCoordinate);
} }
inline bool sanitize (hb_sanitize_context_t *c) { inline bool sanitize (hb_sanitize_context_t *c) const
{
TRACE_SANITIZE (this); TRACE_SANITIZE (this);
return TRACE_RETURN (c->check_struct (this)); return TRACE_RETURN (c->check_struct (this));
} }
@ -254,7 +259,8 @@ struct AnchorFormat2
*y = ret && y_ppem ? cy : font->em_scale_y (yCoordinate); *y = ret && y_ppem ? cy : font->em_scale_y (yCoordinate);
} }
inline bool sanitize (hb_sanitize_context_t *c) { inline bool sanitize (hb_sanitize_context_t *c) const
{
TRACE_SANITIZE (this); TRACE_SANITIZE (this);
return TRACE_RETURN (c->check_struct (this)); return TRACE_RETURN (c->check_struct (this));
} }
@ -282,7 +288,8 @@ struct AnchorFormat3
*y += (this+yDeviceTable).get_x_delta (font); *y += (this+yDeviceTable).get_x_delta (font);
} }
inline bool sanitize (hb_sanitize_context_t *c) { inline bool sanitize (hb_sanitize_context_t *c) const
{
TRACE_SANITIZE (this); TRACE_SANITIZE (this);
return TRACE_RETURN (c->check_struct (this) && xDeviceTable.sanitize (c, this) && yDeviceTable.sanitize (c, this)); return TRACE_RETURN (c->check_struct (this) && xDeviceTable.sanitize (c, this) && yDeviceTable.sanitize (c, this));
} }
@ -317,7 +324,8 @@ struct Anchor
} }
} }
inline bool sanitize (hb_sanitize_context_t *c) { inline bool sanitize (hb_sanitize_context_t *c) const
{
TRACE_SANITIZE (this); TRACE_SANITIZE (this);
if (!u.format.sanitize (c)) return TRACE_RETURN (false); if (!u.format.sanitize (c)) return TRACE_RETURN (false);
switch (u.format) { switch (u.format) {
@ -349,7 +357,8 @@ struct AnchorMatrix
return this+matrixZ[row * cols + col]; return this+matrixZ[row * cols + col];
} }
inline bool sanitize (hb_sanitize_context_t *c, unsigned int cols) { inline bool sanitize (hb_sanitize_context_t *c, unsigned int cols) const
{
TRACE_SANITIZE (this); TRACE_SANITIZE (this);
if (!c->check_struct (this)) return TRACE_RETURN (false); if (!c->check_struct (this)) return TRACE_RETURN (false);
if (unlikely (rows > 0 && cols >= ((unsigned int) -1) / rows)) return TRACE_RETURN (false); if (unlikely (rows > 0 && cols >= ((unsigned int) -1) / rows)) return TRACE_RETURN (false);
@ -374,7 +383,8 @@ struct MarkRecord
{ {
friend struct MarkArray; friend struct MarkArray;
inline bool sanitize (hb_sanitize_context_t *c, void *base) { inline bool sanitize (hb_sanitize_context_t *c, const void *base) const
{
TRACE_SANITIZE (this); TRACE_SANITIZE (this);
return TRACE_RETURN (c->check_struct (this) && markAnchor.sanitize (c, base)); return TRACE_RETURN (c->check_struct (this) && markAnchor.sanitize (c, base));
} }
@ -421,7 +431,8 @@ struct MarkArray : ArrayOf<MarkRecord> /* Array of MarkRecords--in Coverage orde
return TRACE_RETURN (true); return TRACE_RETURN (true);
} }
inline bool sanitize (hb_sanitize_context_t *c) { inline bool sanitize (hb_sanitize_context_t *c) const
{
TRACE_SANITIZE (this); TRACE_SANITIZE (this);
return TRACE_RETURN (ArrayOf<MarkRecord>::sanitize (c, this)); return TRACE_RETURN (ArrayOf<MarkRecord>::sanitize (c, this));
} }
@ -457,9 +468,12 @@ struct SinglePosFormat1
return TRACE_RETURN (true); return TRACE_RETURN (true);
} }
inline bool sanitize (hb_sanitize_context_t *c) { inline bool sanitize (hb_sanitize_context_t *c) const
{
TRACE_SANITIZE (this); TRACE_SANITIZE (this);
return TRACE_RETURN (c->check_struct (this) && coverage.sanitize (c, this) && valueFormat.sanitize_value (c, this, values)); return TRACE_RETURN (c->check_struct (this)
&& coverage.sanitize (c, this)
&& valueFormat.sanitize_value (c, this, values));
} }
protected: protected:
@ -506,9 +520,12 @@ struct SinglePosFormat2
return TRACE_RETURN (true); return TRACE_RETURN (true);
} }
inline bool sanitize (hb_sanitize_context_t *c) { inline bool sanitize (hb_sanitize_context_t *c) const
{
TRACE_SANITIZE (this); TRACE_SANITIZE (this);
return TRACE_RETURN (c->check_struct (this) && coverage.sanitize (c, this) && valueFormat.sanitize_values (c, this, values, valueCount)); return TRACE_RETURN (c->check_struct (this)
&& coverage.sanitize (c, this)
&& valueFormat.sanitize_values (c, this, values, valueCount));
} }
protected: protected:
@ -538,7 +555,8 @@ struct SinglePos
} }
} }
inline bool sanitize (hb_sanitize_context_t *c) { inline bool sanitize (hb_sanitize_context_t *c) const
{
TRACE_SANITIZE (this); TRACE_SANITIZE (this);
if (!u.format.sanitize (c)) return TRACE_RETURN (false); if (!u.format.sanitize (c)) return TRACE_RETURN (false);
switch (u.format) { switch (u.format) {
@ -636,19 +654,20 @@ struct PairSet
} }
struct sanitize_closure_t { struct sanitize_closure_t {
void *base; const void *base;
ValueFormat *valueFormats; const ValueFormat *valueFormats;
unsigned int len1; /* valueFormats[0].get_len() */ unsigned int len1; /* valueFormats[0].get_len() */
unsigned int stride; /* 1 + len1 + len2 */ unsigned int stride; /* 1 + len1 + len2 */
}; };
inline bool sanitize (hb_sanitize_context_t *c, const sanitize_closure_t *closure) { inline bool sanitize (hb_sanitize_context_t *c, const sanitize_closure_t *closure) const
{
TRACE_SANITIZE (this); TRACE_SANITIZE (this);
if (!(c->check_struct (this) if (!(c->check_struct (this)
&& c->check_array (arrayZ, USHORT::static_size * closure->stride, len))) return TRACE_RETURN (false); && c->check_array (arrayZ, USHORT::static_size * closure->stride, len))) return TRACE_RETURN (false);
unsigned int count = len; unsigned int count = len;
PairValueRecord *record = CastP<PairValueRecord> (arrayZ); const PairValueRecord *record = CastP<PairValueRecord> (arrayZ);
return TRACE_RETURN (closure->valueFormats[0].sanitize_values_stride_unsafe (c, closure->base, &record->values[0], count, closure->stride) return TRACE_RETURN (closure->valueFormats[0].sanitize_values_stride_unsafe (c, closure->base, &record->values[0], count, closure->stride)
&& closure->valueFormats[1].sanitize_values_stride_unsafe (c, closure->base, &record->values[closure->len1], count, closure->stride)); && closure->valueFormats[1].sanitize_values_stride_unsafe (c, closure->base, &record->values[closure->len1], count, closure->stride));
} }
@ -691,7 +710,8 @@ struct PairPosFormat1
return TRACE_RETURN ((this+pairSet[index]).apply (c, &valueFormat1, skippy_iter.idx)); return TRACE_RETURN ((this+pairSet[index]).apply (c, &valueFormat1, skippy_iter.idx));
} }
inline bool sanitize (hb_sanitize_context_t *c) { inline bool sanitize (hb_sanitize_context_t *c) const
{
TRACE_SANITIZE (this); TRACE_SANITIZE (this);
unsigned int len1 = valueFormat1.get_len (); unsigned int len1 = valueFormat1.get_len ();
@ -779,7 +799,8 @@ struct PairPosFormat2
return TRACE_RETURN (true); return TRACE_RETURN (true);
} }
inline bool sanitize (hb_sanitize_context_t *c) { inline bool sanitize (hb_sanitize_context_t *c) const
{
TRACE_SANITIZE (this); TRACE_SANITIZE (this);
if (!(c->check_struct (this) if (!(c->check_struct (this)
&& coverage.sanitize (c, this) && coverage.sanitize (c, this)
@ -839,7 +860,8 @@ struct PairPos
} }
} }
inline bool sanitize (hb_sanitize_context_t *c) { inline bool sanitize (hb_sanitize_context_t *c) const
{
TRACE_SANITIZE (this); TRACE_SANITIZE (this);
if (!u.format.sanitize (c)) return TRACE_RETURN (false); if (!u.format.sanitize (c)) return TRACE_RETURN (false);
switch (u.format) { switch (u.format) {
@ -862,7 +884,8 @@ struct EntryExitRecord
{ {
friend struct CursivePosFormat1; friend struct CursivePosFormat1;
inline bool sanitize (hb_sanitize_context_t *c, void *base) { inline bool sanitize (hb_sanitize_context_t *c, const void *base) const
{
TRACE_SANITIZE (this); TRACE_SANITIZE (this);
return TRACE_RETURN (entryAnchor.sanitize (c, base) && exitAnchor.sanitize (c, base)); return TRACE_RETURN (entryAnchor.sanitize (c, base) && exitAnchor.sanitize (c, base));
} }
@ -975,7 +998,8 @@ struct CursivePosFormat1
return TRACE_RETURN (true); return TRACE_RETURN (true);
} }
inline bool sanitize (hb_sanitize_context_t *c) { inline bool sanitize (hb_sanitize_context_t *c) const
{
TRACE_SANITIZE (this); TRACE_SANITIZE (this);
return TRACE_RETURN (coverage.sanitize (c, this) && entryExitRecord.sanitize (c, this)); return TRACE_RETURN (coverage.sanitize (c, this) && entryExitRecord.sanitize (c, this));
} }
@ -1004,7 +1028,8 @@ struct CursivePos
} }
} }
inline bool sanitize (hb_sanitize_context_t *c) { inline bool sanitize (hb_sanitize_context_t *c) const
{
TRACE_SANITIZE (this); TRACE_SANITIZE (this);
if (!u.format.sanitize (c)) return TRACE_RETURN (false); if (!u.format.sanitize (c)) return TRACE_RETURN (false);
switch (u.format) { switch (u.format) {
@ -1067,7 +1092,8 @@ struct MarkBasePosFormat1
return TRACE_RETURN ((this+markArray).apply (c, mark_index, base_index, this+baseArray, classCount, skippy_iter.idx)); return TRACE_RETURN ((this+markArray).apply (c, mark_index, base_index, this+baseArray, classCount, skippy_iter.idx));
} }
inline bool sanitize (hb_sanitize_context_t *c) { inline bool sanitize (hb_sanitize_context_t *c) const
{
TRACE_SANITIZE (this); TRACE_SANITIZE (this);
return TRACE_RETURN (c->check_struct (this) && markCoverage.sanitize (c, this) && baseCoverage.sanitize (c, this) && return TRACE_RETURN (c->check_struct (this) && markCoverage.sanitize (c, this) && baseCoverage.sanitize (c, this) &&
markArray.sanitize (c, this) && baseArray.sanitize (c, this, (unsigned int) classCount)); markArray.sanitize (c, this) && baseArray.sanitize (c, this, (unsigned int) classCount));
@ -1104,7 +1130,8 @@ struct MarkBasePos
} }
} }
inline bool sanitize (hb_sanitize_context_t *c) { inline bool sanitize (hb_sanitize_context_t *c) const
{
TRACE_SANITIZE (this); TRACE_SANITIZE (this);
if (!u.format.sanitize (c)) return TRACE_RETURN (false); if (!u.format.sanitize (c)) return TRACE_RETURN (false);
switch (u.format) { switch (u.format) {
@ -1188,7 +1215,8 @@ struct MarkLigPosFormat1
return TRACE_RETURN ((this+markArray).apply (c, mark_index, comp_index, lig_attach, classCount, j)); return TRACE_RETURN ((this+markArray).apply (c, mark_index, comp_index, lig_attach, classCount, j));
} }
inline bool sanitize (hb_sanitize_context_t *c) { inline bool sanitize (hb_sanitize_context_t *c) const
{
TRACE_SANITIZE (this); TRACE_SANITIZE (this);
return TRACE_RETURN (c->check_struct (this) && markCoverage.sanitize (c, this) && ligatureCoverage.sanitize (c, this) && return TRACE_RETURN (c->check_struct (this) && markCoverage.sanitize (c, this) && ligatureCoverage.sanitize (c, this) &&
markArray.sanitize (c, this) && ligatureArray.sanitize (c, this, (unsigned int) classCount)); markArray.sanitize (c, this) && ligatureArray.sanitize (c, this, (unsigned int) classCount));
@ -1226,7 +1254,8 @@ struct MarkLigPos
} }
} }
inline bool sanitize (hb_sanitize_context_t *c) { inline bool sanitize (hb_sanitize_context_t *c) const
{
TRACE_SANITIZE (this); TRACE_SANITIZE (this);
if (!u.format.sanitize (c)) return TRACE_RETURN (false); if (!u.format.sanitize (c)) return TRACE_RETURN (false);
switch (u.format) { switch (u.format) {
@ -1306,7 +1335,8 @@ struct MarkMarkPosFormat1
return TRACE_RETURN ((this+mark1Array).apply (c, mark1_index, mark2_index, this+mark2Array, classCount, j)); return TRACE_RETURN ((this+mark1Array).apply (c, mark1_index, mark2_index, this+mark2Array, classCount, j));
} }
inline bool sanitize (hb_sanitize_context_t *c) { inline bool sanitize (hb_sanitize_context_t *c) const
{
TRACE_SANITIZE (this); TRACE_SANITIZE (this);
return TRACE_RETURN (c->check_struct (this) && mark1Coverage.sanitize (c, this) && return TRACE_RETURN (c->check_struct (this) && mark1Coverage.sanitize (c, this) &&
mark2Coverage.sanitize (c, this) && mark1Array.sanitize (c, this) mark2Coverage.sanitize (c, this) && mark1Array.sanitize (c, this)
@ -1346,7 +1376,8 @@ struct MarkMarkPos
} }
} }
inline bool sanitize (hb_sanitize_context_t *c) { inline bool sanitize (hb_sanitize_context_t *c) const
{
TRACE_SANITIZE (this); TRACE_SANITIZE (this);
if (!u.format.sanitize (c)) return TRACE_RETURN (false); if (!u.format.sanitize (c)) return TRACE_RETURN (false);
switch (u.format) { switch (u.format) {
@ -1413,7 +1444,8 @@ struct PosLookupSubTable
} }
} }
inline bool sanitize (hb_sanitize_context_t *c, unsigned int lookup_type) { inline bool sanitize (hb_sanitize_context_t *c, unsigned int lookup_type) const
{
TRACE_SANITIZE (this); TRACE_SANITIZE (this);
switch (lookup_type) { switch (lookup_type) {
case Single: return TRACE_RETURN (u.single.sanitize (c)); case Single: return TRACE_RETURN (u.single.sanitize (c));
@ -1506,10 +1538,11 @@ struct PosLookup : Lookup
return TRACE_RETURN (c->default_return_value ()); return TRACE_RETURN (c->default_return_value ());
} }
inline bool sanitize (hb_sanitize_context_t *c) { inline bool sanitize (hb_sanitize_context_t *c) const
{
TRACE_SANITIZE (this); TRACE_SANITIZE (this);
if (unlikely (!Lookup::sanitize (c))) return TRACE_RETURN (false); if (unlikely (!Lookup::sanitize (c))) return TRACE_RETURN (false);
OffsetArrayOf<PosLookupSubTable> &list = CastR<OffsetArrayOf<PosLookupSubTable> > (subTable); const OffsetArrayOf<PosLookupSubTable> &list = CastR<OffsetArrayOf<PosLookupSubTable> > (subTable);
return TRACE_RETURN (list.sanitize (c, this, get_type ())); return TRACE_RETURN (list.sanitize (c, this, get_type ()));
} }
}; };
@ -1530,10 +1563,11 @@ struct GPOS : GSUBGPOS
static inline void position_start (hb_font_t *font, hb_buffer_t *buffer); static inline void position_start (hb_font_t *font, hb_buffer_t *buffer);
static inline void position_finish (hb_font_t *font, hb_buffer_t *buffer); static inline void position_finish (hb_font_t *font, hb_buffer_t *buffer);
inline bool sanitize (hb_sanitize_context_t *c) { inline bool sanitize (hb_sanitize_context_t *c) const
{
TRACE_SANITIZE (this); TRACE_SANITIZE (this);
if (unlikely (!GSUBGPOS::sanitize (c))) return TRACE_RETURN (false); if (unlikely (!GSUBGPOS::sanitize (c))) return TRACE_RETURN (false);
OffsetTo<PosLookupList> &list = CastR<OffsetTo<PosLookupList> > (lookupList); const OffsetTo<PosLookupList> &list = CastR<OffsetTo<PosLookupList> > (lookupList);
return TRACE_RETURN (list.sanitize (c, this)); return TRACE_RETURN (list.sanitize (c, this));
} }
public: public:

View File

@ -97,7 +97,8 @@ struct SingleSubstFormat1
return TRACE_RETURN (true); return TRACE_RETURN (true);
} }
inline bool sanitize (hb_sanitize_context_t *c) { inline bool sanitize (hb_sanitize_context_t *c) const
{
TRACE_SANITIZE (this); TRACE_SANITIZE (this);
return TRACE_RETURN (coverage.sanitize (c, this) && deltaGlyphID.sanitize (c)); return TRACE_RETURN (coverage.sanitize (c, this) && deltaGlyphID.sanitize (c));
} }
@ -173,7 +174,8 @@ struct SingleSubstFormat2
return TRACE_RETURN (true); return TRACE_RETURN (true);
} }
inline bool sanitize (hb_sanitize_context_t *c) { inline bool sanitize (hb_sanitize_context_t *c) const
{
TRACE_SANITIZE (this); TRACE_SANITIZE (this);
return TRACE_RETURN (coverage.sanitize (c, this) && substitute.sanitize (c)); return TRACE_RETURN (coverage.sanitize (c, this) && substitute.sanitize (c));
} }
@ -230,7 +232,8 @@ struct SingleSubst
} }
} }
inline bool sanitize (hb_sanitize_context_t *c) { inline bool sanitize (hb_sanitize_context_t *c) const
{
TRACE_SANITIZE (this); TRACE_SANITIZE (this);
if (!u.format.sanitize (c)) return TRACE_RETURN (false); if (!u.format.sanitize (c)) return TRACE_RETURN (false);
switch (u.format) { switch (u.format) {
@ -312,7 +315,8 @@ struct Sequence
return TRACE_RETURN (true); return TRACE_RETURN (true);
} }
inline bool sanitize (hb_sanitize_context_t *c) { inline bool sanitize (hb_sanitize_context_t *c) const
{
TRACE_SANITIZE (this); TRACE_SANITIZE (this);
return TRACE_RETURN (substitute.sanitize (c)); return TRACE_RETURN (substitute.sanitize (c));
} }
@ -384,7 +388,8 @@ struct MultipleSubstFormat1
return TRACE_RETURN (true); return TRACE_RETURN (true);
} }
inline bool sanitize (hb_sanitize_context_t *c) { inline bool sanitize (hb_sanitize_context_t *c) const
{
TRACE_SANITIZE (this); TRACE_SANITIZE (this);
return TRACE_RETURN (coverage.sanitize (c, this) && sequence.sanitize (c, this)); return TRACE_RETURN (coverage.sanitize (c, this) && sequence.sanitize (c, this));
} }
@ -429,7 +434,8 @@ struct MultipleSubst
} }
} }
inline bool sanitize (hb_sanitize_context_t *c) { inline bool sanitize (hb_sanitize_context_t *c) const
{
TRACE_SANITIZE (this); TRACE_SANITIZE (this);
if (!u.format.sanitize (c)) return TRACE_RETURN (false); if (!u.format.sanitize (c)) return TRACE_RETURN (false);
switch (u.format) { switch (u.format) {
@ -535,7 +541,8 @@ struct AlternateSubstFormat1
return TRACE_RETURN (true); return TRACE_RETURN (true);
} }
inline bool sanitize (hb_sanitize_context_t *c) { inline bool sanitize (hb_sanitize_context_t *c) const
{
TRACE_SANITIZE (this); TRACE_SANITIZE (this);
return TRACE_RETURN (coverage.sanitize (c, this) && alternateSet.sanitize (c, this)); return TRACE_RETURN (coverage.sanitize (c, this) && alternateSet.sanitize (c, this));
} }
@ -580,7 +587,8 @@ struct AlternateSubst
} }
} }
inline bool sanitize (hb_sanitize_context_t *c) { inline bool sanitize (hb_sanitize_context_t *c) const
{
TRACE_SANITIZE (this); TRACE_SANITIZE (this);
if (!u.format.sanitize (c)) return TRACE_RETURN (false); if (!u.format.sanitize (c)) return TRACE_RETURN (false);
switch (u.format) { switch (u.format) {
@ -686,7 +694,8 @@ struct Ligature
} }
public: public:
inline bool sanitize (hb_sanitize_context_t *c) { inline bool sanitize (hb_sanitize_context_t *c) const
{
TRACE_SANITIZE (this); TRACE_SANITIZE (this);
return TRACE_RETURN (ligGlyph.sanitize (c) && component.sanitize (c)); return TRACE_RETURN (ligGlyph.sanitize (c) && component.sanitize (c));
} }
@ -764,7 +773,8 @@ struct LigatureSet
return TRACE_RETURN (true); return TRACE_RETURN (true);
} }
inline bool sanitize (hb_sanitize_context_t *c) { inline bool sanitize (hb_sanitize_context_t *c) const
{
TRACE_SANITIZE (this); TRACE_SANITIZE (this);
return TRACE_RETURN (ligature.sanitize (c, this)); return TRACE_RETURN (ligature.sanitize (c, this));
} }
@ -848,7 +858,8 @@ struct LigatureSubstFormat1
return TRACE_RETURN (true); return TRACE_RETURN (true);
} }
inline bool sanitize (hb_sanitize_context_t *c) { inline bool sanitize (hb_sanitize_context_t *c) const
{
TRACE_SANITIZE (this); TRACE_SANITIZE (this);
return TRACE_RETURN (coverage.sanitize (c, this) && ligatureSet.sanitize (c, this)); return TRACE_RETURN (coverage.sanitize (c, this) && ligatureSet.sanitize (c, this));
} }
@ -896,7 +907,8 @@ struct LigatureSubst
} }
} }
inline bool sanitize (hb_sanitize_context_t *c) { inline bool sanitize (hb_sanitize_context_t *c) const
{
TRACE_SANITIZE (this); TRACE_SANITIZE (this);
if (!u.format.sanitize (c)) return TRACE_RETURN (false); if (!u.format.sanitize (c)) return TRACE_RETURN (false);
switch (u.format) { switch (u.format) {
@ -1017,14 +1029,15 @@ struct ReverseChainSingleSubstFormat1
return TRACE_RETURN (false); return TRACE_RETURN (false);
} }
inline bool sanitize (hb_sanitize_context_t *c) { inline bool sanitize (hb_sanitize_context_t *c) const
{
TRACE_SANITIZE (this); TRACE_SANITIZE (this);
if (!(coverage.sanitize (c, this) && backtrack.sanitize (c, this))) if (!(coverage.sanitize (c, this) && backtrack.sanitize (c, this)))
return TRACE_RETURN (false); return TRACE_RETURN (false);
OffsetArrayOf<Coverage> &lookahead = StructAfter<OffsetArrayOf<Coverage> > (backtrack); const OffsetArrayOf<Coverage> &lookahead = StructAfter<OffsetArrayOf<Coverage> > (backtrack);
if (!lookahead.sanitize (c, this)) if (!lookahead.sanitize (c, this))
return TRACE_RETURN (false); return TRACE_RETURN (false);
ArrayOf<GlyphID> &substitute = StructAfter<ArrayOf<GlyphID> > (lookahead); const ArrayOf<GlyphID> &substitute = StructAfter<ArrayOf<GlyphID> > (lookahead);
return TRACE_RETURN (substitute.sanitize (c)); return TRACE_RETURN (substitute.sanitize (c));
} }
@ -1060,7 +1073,8 @@ struct ReverseChainSingleSubst
} }
} }
inline bool sanitize (hb_sanitize_context_t *c) { inline bool sanitize (hb_sanitize_context_t *c) const
{
TRACE_SANITIZE (this); TRACE_SANITIZE (this);
if (!u.format.sanitize (c)) return TRACE_RETURN (false); if (!u.format.sanitize (c)) return TRACE_RETURN (false);
switch (u.format) { switch (u.format) {
@ -1114,7 +1128,8 @@ struct SubstLookupSubTable
} }
} }
inline bool sanitize (hb_sanitize_context_t *c, unsigned int lookup_type) { inline bool sanitize (hb_sanitize_context_t *c, unsigned int lookup_type) const
{
TRACE_SANITIZE (this); TRACE_SANITIZE (this);
switch (lookup_type) { switch (lookup_type) {
case Single: return TRACE_RETURN (u.single.sanitize (c)); case Single: return TRACE_RETURN (u.single.sanitize (c));
@ -1283,11 +1298,11 @@ struct SubstLookup : Lookup
return TRACE_RETURN (c->default_return_value ()); return TRACE_RETURN (c->default_return_value ());
} }
inline bool sanitize (hb_sanitize_context_t *c) inline bool sanitize (hb_sanitize_context_t *c) const
{ {
TRACE_SANITIZE (this); TRACE_SANITIZE (this);
if (unlikely (!Lookup::sanitize (c))) return TRACE_RETURN (false); if (unlikely (!Lookup::sanitize (c))) return TRACE_RETURN (false);
OffsetArrayOf<SubstLookupSubTable> &list = CastR<OffsetArrayOf<SubstLookupSubTable> > (subTable); const OffsetArrayOf<SubstLookupSubTable> &list = CastR<OffsetArrayOf<SubstLookupSubTable> > (subTable);
if (unlikely (!list.sanitize (c, this, get_type ()))) return TRACE_RETURN (false); if (unlikely (!list.sanitize (c, this, get_type ()))) return TRACE_RETURN (false);
if (unlikely (get_type () == SubstLookupSubTable::Extension)) if (unlikely (get_type () == SubstLookupSubTable::Extension))
@ -1321,10 +1336,11 @@ struct GSUB : GSUBGPOS
static inline void substitute_start (hb_font_t *font, hb_buffer_t *buffer); static inline void substitute_start (hb_font_t *font, hb_buffer_t *buffer);
static inline void substitute_finish (hb_font_t *font, hb_buffer_t *buffer); static inline void substitute_finish (hb_font_t *font, hb_buffer_t *buffer);
inline bool sanitize (hb_sanitize_context_t *c) { inline bool sanitize (hb_sanitize_context_t *c) const
{
TRACE_SANITIZE (this); TRACE_SANITIZE (this);
if (unlikely (!GSUBGPOS::sanitize (c))) return TRACE_RETURN (false); if (unlikely (!GSUBGPOS::sanitize (c))) return TRACE_RETURN (false);
OffsetTo<SubstLookupList> &list = CastR<OffsetTo<SubstLookupList> > (lookupList); const OffsetTo<SubstLookupList> &list = CastR<OffsetTo<SubstLookupList> > (lookupList);
return TRACE_RETURN (list.sanitize (c, this)); return TRACE_RETURN (list.sanitize (c, this));
} }
public: public:

View File

@ -916,7 +916,8 @@ static inline bool match_lookahead (hb_apply_context_t *c,
struct LookupRecord struct LookupRecord
{ {
inline bool sanitize (hb_sanitize_context_t *c) { inline bool sanitize (hb_sanitize_context_t *c) const
{
TRACE_SANITIZE (this); TRACE_SANITIZE (this);
return TRACE_RETURN (c->check_struct (this)); return TRACE_RETURN (c->check_struct (this));
} }
@ -1139,7 +1140,8 @@ struct Rule
} }
public: public:
inline bool sanitize (hb_sanitize_context_t *c) { inline bool sanitize (hb_sanitize_context_t *c) const
{
TRACE_SANITIZE (this); TRACE_SANITIZE (this);
return inputCount.sanitize (c) return inputCount.sanitize (c)
&& lookupCount.sanitize (c) && lookupCount.sanitize (c)
@ -1203,7 +1205,8 @@ struct RuleSet
return TRACE_RETURN (false); return TRACE_RETURN (false);
} }
inline bool sanitize (hb_sanitize_context_t *c) { inline bool sanitize (hb_sanitize_context_t *c) const
{
TRACE_SANITIZE (this); TRACE_SANITIZE (this);
return TRACE_RETURN (rule.sanitize (c, this)); return TRACE_RETURN (rule.sanitize (c, this));
} }
@ -1285,7 +1288,8 @@ struct ContextFormat1
return TRACE_RETURN (rule_set.apply (c, lookup_context)); return TRACE_RETURN (rule_set.apply (c, lookup_context));
} }
inline bool sanitize (hb_sanitize_context_t *c) { inline bool sanitize (hb_sanitize_context_t *c) const
{
TRACE_SANITIZE (this); TRACE_SANITIZE (this);
return TRACE_RETURN (coverage.sanitize (c, this) && ruleSet.sanitize (c, this)); return TRACE_RETURN (coverage.sanitize (c, this) && ruleSet.sanitize (c, this));
} }
@ -1377,7 +1381,8 @@ struct ContextFormat2
return TRACE_RETURN (rule_set.apply (c, lookup_context)); return TRACE_RETURN (rule_set.apply (c, lookup_context));
} }
inline bool sanitize (hb_sanitize_context_t *c) { inline bool sanitize (hb_sanitize_context_t *c) const
{
TRACE_SANITIZE (this); TRACE_SANITIZE (this);
return TRACE_RETURN (coverage.sanitize (c, this) && classDef.sanitize (c, this) && ruleSet.sanitize (c, this)); return TRACE_RETURN (coverage.sanitize (c, this) && classDef.sanitize (c, this) && ruleSet.sanitize (c, this));
} }
@ -1465,7 +1470,8 @@ struct ContextFormat3
return TRACE_RETURN (context_apply_lookup (c, glyphCount, (const USHORT *) (coverageZ + 1), lookupCount, lookupRecord, lookup_context)); return TRACE_RETURN (context_apply_lookup (c, glyphCount, (const USHORT *) (coverageZ + 1), lookupCount, lookupRecord, lookup_context));
} }
inline bool sanitize (hb_sanitize_context_t *c) { inline bool sanitize (hb_sanitize_context_t *c) const
{
TRACE_SANITIZE (this); TRACE_SANITIZE (this);
if (!c->check_struct (this)) return TRACE_RETURN (false); if (!c->check_struct (this)) return TRACE_RETURN (false);
unsigned int count = glyphCount; unsigned int count = glyphCount;
@ -1473,7 +1479,7 @@ struct ContextFormat3
if (!c->check_array (coverageZ, coverageZ[0].static_size, count)) return TRACE_RETURN (false); if (!c->check_array (coverageZ, coverageZ[0].static_size, count)) return TRACE_RETURN (false);
for (unsigned int i = 0; i < count; i++) for (unsigned int i = 0; i < count; i++)
if (!coverageZ[i].sanitize (c, this)) return TRACE_RETURN (false); if (!coverageZ[i].sanitize (c, this)) return TRACE_RETURN (false);
LookupRecord *lookupRecord = &StructAtOffset<LookupRecord> (coverageZ, coverageZ[0].static_size * count); const LookupRecord *lookupRecord = &StructAtOffset<LookupRecord> (coverageZ, coverageZ[0].static_size * count);
return TRACE_RETURN (c->check_array (lookupRecord, lookupRecord[0].static_size, lookupCount)); return TRACE_RETURN (c->check_array (lookupRecord, lookupRecord[0].static_size, lookupCount));
} }
@ -1505,7 +1511,8 @@ struct Context
} }
} }
inline bool sanitize (hb_sanitize_context_t *c) { inline bool sanitize (hb_sanitize_context_t *c) const
{
TRACE_SANITIZE (this); TRACE_SANITIZE (this);
if (!u.format.sanitize (c)) return TRACE_RETURN (false); if (!u.format.sanitize (c)) return TRACE_RETURN (false);
switch (u.format) { switch (u.format) {
@ -1697,14 +1704,15 @@ struct ChainRule
lookup.array, lookup_context)); lookup.array, lookup_context));
} }
inline bool sanitize (hb_sanitize_context_t *c) { inline bool sanitize (hb_sanitize_context_t *c) const
{
TRACE_SANITIZE (this); TRACE_SANITIZE (this);
if (!backtrack.sanitize (c)) return TRACE_RETURN (false); if (!backtrack.sanitize (c)) return TRACE_RETURN (false);
HeadlessArrayOf<USHORT> &input = StructAfter<HeadlessArrayOf<USHORT> > (backtrack); const HeadlessArrayOf<USHORT> &input = StructAfter<HeadlessArrayOf<USHORT> > (backtrack);
if (!input.sanitize (c)) return TRACE_RETURN (false); if (!input.sanitize (c)) return TRACE_RETURN (false);
ArrayOf<USHORT> &lookahead = StructAfter<ArrayOf<USHORT> > (input); const ArrayOf<USHORT> &lookahead = StructAfter<ArrayOf<USHORT> > (input);
if (!lookahead.sanitize (c)) return TRACE_RETURN (false); if (!lookahead.sanitize (c)) return TRACE_RETURN (false);
ArrayOf<LookupRecord> &lookup = StructAfter<ArrayOf<LookupRecord> > (lookahead); const ArrayOf<LookupRecord> &lookup = StructAfter<ArrayOf<LookupRecord> > (lookahead);
return TRACE_RETURN (lookup.sanitize (c)); return TRACE_RETURN (lookup.sanitize (c));
} }
@ -1766,7 +1774,8 @@ struct ChainRuleSet
return TRACE_RETURN (false); return TRACE_RETURN (false);
} }
inline bool sanitize (hb_sanitize_context_t *c) { inline bool sanitize (hb_sanitize_context_t *c) const
{
TRACE_SANITIZE (this); TRACE_SANITIZE (this);
return TRACE_RETURN (rule.sanitize (c, this)); return TRACE_RETURN (rule.sanitize (c, this));
} }
@ -1845,7 +1854,8 @@ struct ChainContextFormat1
return TRACE_RETURN (rule_set.apply (c, lookup_context)); return TRACE_RETURN (rule_set.apply (c, lookup_context));
} }
inline bool sanitize (hb_sanitize_context_t *c) { inline bool sanitize (hb_sanitize_context_t *c) const
{
TRACE_SANITIZE (this); TRACE_SANITIZE (this);
return TRACE_RETURN (coverage.sanitize (c, this) && ruleSet.sanitize (c, this)); return TRACE_RETURN (coverage.sanitize (c, this) && ruleSet.sanitize (c, this));
} }
@ -1955,7 +1965,8 @@ struct ChainContextFormat2
return TRACE_RETURN (rule_set.apply (c, lookup_context)); return TRACE_RETURN (rule_set.apply (c, lookup_context));
} }
inline bool sanitize (hb_sanitize_context_t *c) { inline bool sanitize (hb_sanitize_context_t *c) const
{
TRACE_SANITIZE (this); TRACE_SANITIZE (this);
return TRACE_RETURN (coverage.sanitize (c, this) && backtrackClassDef.sanitize (c, this) && return TRACE_RETURN (coverage.sanitize (c, this) && backtrackClassDef.sanitize (c, this) &&
inputClassDef.sanitize (c, this) && lookaheadClassDef.sanitize (c, this) && inputClassDef.sanitize (c, this) && lookaheadClassDef.sanitize (c, this) &&
@ -2076,15 +2087,16 @@ struct ChainContextFormat3
lookup.len, lookup.array, lookup_context)); lookup.len, lookup.array, lookup_context));
} }
inline bool sanitize (hb_sanitize_context_t *c) { inline bool sanitize (hb_sanitize_context_t *c) const
{
TRACE_SANITIZE (this); TRACE_SANITIZE (this);
if (!backtrack.sanitize (c, this)) return TRACE_RETURN (false); if (!backtrack.sanitize (c, this)) return TRACE_RETURN (false);
OffsetArrayOf<Coverage> &input = StructAfter<OffsetArrayOf<Coverage> > (backtrack); const OffsetArrayOf<Coverage> &input = StructAfter<OffsetArrayOf<Coverage> > (backtrack);
if (!input.sanitize (c, this)) return TRACE_RETURN (false); if (!input.sanitize (c, this)) return TRACE_RETURN (false);
if (!input.len) return TRACE_RETURN (false); /* To be consistent with Context. */ if (!input.len) return TRACE_RETURN (false); /* To be consistent with Context. */
OffsetArrayOf<Coverage> &lookahead = StructAfter<OffsetArrayOf<Coverage> > (input); const OffsetArrayOf<Coverage> &lookahead = StructAfter<OffsetArrayOf<Coverage> > (input);
if (!lookahead.sanitize (c, this)) return TRACE_RETURN (false); if (!lookahead.sanitize (c, this)) return TRACE_RETURN (false);
ArrayOf<LookupRecord> &lookup = StructAfter<ArrayOf<LookupRecord> > (lookahead); const ArrayOf<LookupRecord> &lookup = StructAfter<ArrayOf<LookupRecord> > (lookahead);
return TRACE_RETURN (lookup.sanitize (c)); return TRACE_RETURN (lookup.sanitize (c));
} }
@ -2123,7 +2135,8 @@ struct ChainContext
} }
} }
inline bool sanitize (hb_sanitize_context_t *c) { inline bool sanitize (hb_sanitize_context_t *c) const
{
TRACE_SANITIZE (this); TRACE_SANITIZE (this);
if (!u.format.sanitize (c)) return TRACE_RETURN (false); if (!u.format.sanitize (c)) return TRACE_RETURN (false);
switch (u.format) { switch (u.format) {
@ -2149,7 +2162,8 @@ struct ExtensionFormat1
inline unsigned int get_type (void) const { return extensionLookupType; } inline unsigned int get_type (void) const { return extensionLookupType; }
inline unsigned int get_offset (void) const { return extensionOffset; } inline unsigned int get_offset (void) const { return extensionOffset; }
inline bool sanitize (hb_sanitize_context_t *c) { inline bool sanitize (hb_sanitize_context_t *c) const
{
TRACE_SANITIZE (this); TRACE_SANITIZE (this);
return TRACE_RETURN (c->check_struct (this)); return TRACE_RETURN (c->check_struct (this));
} }
@ -2197,7 +2211,8 @@ struct Extension
return get_subtable<typename T::LookupSubTable> ().dispatch (c, get_type ()); return get_subtable<typename T::LookupSubTable> ().dispatch (c, get_type ());
} }
inline bool sanitize_self (hb_sanitize_context_t *c) { inline bool sanitize_self (hb_sanitize_context_t *c) const
{
TRACE_SANITIZE (this); TRACE_SANITIZE (this);
if (!u.format.sanitize (c)) return TRACE_RETURN (false); if (!u.format.sanitize (c)) return TRACE_RETURN (false);
switch (u.format) { switch (u.format) {
@ -2206,7 +2221,8 @@ struct Extension
} }
} }
inline bool sanitize (hb_sanitize_context_t *c) { inline bool sanitize (hb_sanitize_context_t *c) const
{
TRACE_SANITIZE (this); TRACE_SANITIZE (this);
if (!sanitize_self (c)) return TRACE_RETURN (false); if (!sanitize_self (c)) return TRACE_RETURN (false);
unsigned int offset = get_offset (); unsigned int offset = get_offset ();
@ -2262,7 +2278,8 @@ struct GSUBGPOS
inline const Lookup& get_lookup (unsigned int i) const inline const Lookup& get_lookup (unsigned int i) const
{ return (this+lookupList)[i]; } { return (this+lookupList)[i]; }
inline bool sanitize (hb_sanitize_context_t *c) { inline bool sanitize (hb_sanitize_context_t *c) const
{
TRACE_SANITIZE (this); TRACE_SANITIZE (this);
return TRACE_RETURN (version.sanitize (c) && likely (version.major == 1) && return TRACE_RETURN (version.sanitize (c) && likely (version.major == 1) &&
scriptList.sanitize (c, this) && scriptList.sanitize (c, this) &&

View File

@ -54,7 +54,8 @@ typedef OffsetListOf<PosLookup> JstfMax;
struct JstfPriority struct JstfPriority
{ {
inline bool sanitize (hb_sanitize_context_t *c) { inline bool sanitize (hb_sanitize_context_t *c) const
{
TRACE_SANITIZE (this); TRACE_SANITIZE (this);
return TRACE_RETURN (c->check_struct (this) && return TRACE_RETURN (c->check_struct (this) &&
shrinkageEnableGSUB.sanitize (c, this) && shrinkageEnableGSUB.sanitize (c, this) &&
@ -123,7 +124,8 @@ struct JstfPriority
struct JstfLangSys : OffsetListOf<JstfPriority> struct JstfLangSys : OffsetListOf<JstfPriority>
{ {
inline bool sanitize (hb_sanitize_context_t *c, inline bool sanitize (hb_sanitize_context_t *c,
const Record<JstfLangSys>::sanitize_closure_t * = NULL) { const Record<JstfLangSys>::sanitize_closure_t * = NULL) const
{
TRACE_SANITIZE (this); TRACE_SANITIZE (this);
return TRACE_RETURN (OffsetListOf<JstfPriority>::sanitize (c)); return TRACE_RETURN (OffsetListOf<JstfPriority>::sanitize (c));
} }
@ -163,7 +165,8 @@ struct JstfScript
inline const JstfLangSys& get_default_lang_sys (void) const { return this+defaultLangSys; } inline const JstfLangSys& get_default_lang_sys (void) const { return this+defaultLangSys; }
inline bool sanitize (hb_sanitize_context_t *c, inline bool sanitize (hb_sanitize_context_t *c,
const Record<JstfScript>::sanitize_closure_t * = NULL) { const Record<JstfScript>::sanitize_closure_t * = NULL) const
{
TRACE_SANITIZE (this); TRACE_SANITIZE (this);
return TRACE_RETURN (extenderGlyphs.sanitize (c, this) && return TRACE_RETURN (extenderGlyphs.sanitize (c, this) &&
defaultLangSys.sanitize (c, this) && defaultLangSys.sanitize (c, this) &&
@ -206,7 +209,8 @@ struct JSTF
inline bool find_script_index (hb_tag_t tag, unsigned int *index) const inline bool find_script_index (hb_tag_t tag, unsigned int *index) const
{ return scriptList.find_index (tag, index); } { return scriptList.find_index (tag, index); }
inline bool sanitize (hb_sanitize_context_t *c) { inline bool sanitize (hb_sanitize_context_t *c) const
{
TRACE_SANITIZE (this); TRACE_SANITIZE (this);
return TRACE_RETURN (version.sanitize (c) && likely (version.major == 1) && return TRACE_RETURN (version.sanitize (c) && likely (version.major == 1) &&
scriptList.sanitize (c, this)); scriptList.sanitize (c, this));

View File

@ -43,11 +43,13 @@ struct maxp
{ {
static const hb_tag_t tableTag = HB_OT_TAG_maxp; static const hb_tag_t tableTag = HB_OT_TAG_maxp;
inline unsigned int get_num_glyphs (void) const { inline unsigned int get_num_glyphs (void) const
{
return numGlyphs; return numGlyphs;
} }
inline bool sanitize (hb_sanitize_context_t *c) { inline bool sanitize (hb_sanitize_context_t *c) const
{
TRACE_SANITIZE (this); TRACE_SANITIZE (this);
return TRACE_RETURN (c->check_struct (this) && return TRACE_RETURN (c->check_struct (this) &&
likely (version.major == 1 || (version.major == 0 && version.minor == 0x5000u))); likely (version.major == 1 || (version.major == 0 && version.minor == 0x5000u)));

View File

@ -56,7 +56,8 @@ struct NameRecord
return 0; return 0;
} }
inline bool sanitize (hb_sanitize_context_t *c, void *base) { inline bool sanitize (hb_sanitize_context_t *c, const void *base) const
{
TRACE_SANITIZE (this); TRACE_SANITIZE (this);
/* We can check from base all the way up to the end of string... */ /* We can check from base all the way up to the end of string... */
return TRACE_RETURN (c->check_struct (this) && c->check_range ((char *) base, (unsigned int) length + offset)); return TRACE_RETURN (c->check_struct (this) && c->check_range ((char *) base, (unsigned int) length + offset));
@ -110,7 +111,8 @@ struct name
return TRACE_RETURN (true); return TRACE_RETURN (true);
} }
inline bool sanitize (hb_sanitize_context_t *c) { inline bool sanitize (hb_sanitize_context_t *c) const
{
TRACE_SANITIZE (this); TRACE_SANITIZE (this);
return TRACE_RETURN (c->check_struct (this) && return TRACE_RETURN (c->check_struct (this) &&
likely (format == 0 || format == 1) && likely (format == 0 || format == 1) &&