walkero
/
harfbuzz
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

[glyf] Try fixing undefined-behavior 

Might fix https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1463
This commit is contained in:
Behdad Esfahbod 2017-11-14 20:25:29 -08:00
parent 7b40876a58
commit e20e47eaa1
1 changed files with 8 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
src/hb-ot-glyf-table.hh
View File

@ -54,11 +54,8 @@ struct loca
} }
protected: protected:
union { BYTE dataX[VAR]; /* Location data. */
USHORT shortsZ[VAR]; /* Location offset divided by 2. */ DEFINE_SIZE_ARRAY (0, dataX);
ULONG longsZ[VAR]; /* Location offset. */
} u;
DEFINE_SIZE_ARRAY (0, u.longsZ);
}; };
@ -134,13 +131,15 @@ struct glyf
unsigned int start_offset, end_offset; unsigned int start_offset, end_offset;
if (short_offset) if (short_offset)
{ {
start_offset = 2 * loca_table->u.shortsZ[glyph]; const USHORT *offsets = (const USHORT *) loca_table->dataX;
end_offset = 2 * loca_table->u.shortsZ[glyph + 1]; start_offset = 2 * offsets[glyph];
end_offset = 2 * offsets[glyph + 1];
} }
else else
{ {
start_offset = loca_table->u.longsZ[glyph]; const ULONG *offsets = (const ULONG *) loca_table->dataX;
end_offset = loca_table->u.longsZ[glyph + 1]; start_offset = offsets[glyph];
end_offset = offsets[glyph + 1];
} }
if (start_offset > end_offset || end_offset > glyf_len) if (start_offset > end_offset || end_offset > glyf_len)