src/hb-aat-layout-common-private.hh | 43 +++++++++++++++++++++++++++++++++--- src/hb-open-type-private.hh | 4 +-- 2 files changed, 42 insertions(+), 5 deletions(-)
New commits: commit 9b82aa19d812e70b7fade4b7669a9ce27855951e Author: Behdad Esfahbod <beh...@behdad.org> Date: Thu Jan 11 18:19:42 2018 +0100 More warning fixes diff --git a/src/hb-open-type-private.hh b/src/hb-open-type-private.hh index 6d8bc6cb..736497d9 100644 --- a/src/hb-open-type-private.hh +++ b/src/hb-open-type-private.hh @@ -1041,12 +1041,12 @@ struct SortedArrayOf : ArrayOf<Type, LenType> inline int bsearch (const SearchType &x) const { /* Hand-coded bsearch here since this is in the hot inner loop. */ - const Type *array = this->array; + const Type *arr = this->array; int min = 0, max = (int) this->len - 1; while (min <= max) { int mid = (min + max) / 2; - int c = array[mid].cmp (x); + int c = arr[mid].cmp (x); if (c < 0) max = mid - 1; else if (c > 0) commit 680cbc2eb325edc6b8562f39485b146aa56b3872 Author: Behdad Esfahbod <beh...@behdad.org> Date: Thu Jan 11 18:15:53 2018 +0100 [aat] Sanitize StateTable diff --git a/src/hb-aat-layout-common-private.hh b/src/hb-aat-layout-common-private.hh index 887350bb..4d2285a8 100644 --- a/src/hb-aat-layout-common-private.hh +++ b/src/hb-aat-layout-common-private.hh @@ -552,18 +552,55 @@ struct StateTable inline const Entry<Extra> *get_entry (unsigned int state, unsigned int klass) const { + if (unlikely (klass >= nClasses)) return nullptr; + const HBUSHORT *states = (this+stateArrayTable).arrayZ; const Entry<Extra> *entries = (this+entryTable).arrayZ; - unsigned int entry = states[state * nClasses + klass]; /* XXX bound check. */ + unsigned int entry = states[state * nClasses + klass]; - return &entries[entry]; /* XXX bound check. */ + return &entries[entry]; } inline bool sanitize (hb_sanitize_context_t *c) const { TRACE_SANITIZE (this); - return_trace (c->check_struct (this)); /* XXX */ + if (unlikely (!c->check_struct (this))) return_trace (false); + + const HBUSHORT *states = (this+stateArrayTable).arrayZ; + const Entry<Extra> *entries = (this+entryTable).arrayZ; + + unsigned int num_states = 1; + unsigned int num_entries = 0; + + unsigned int state = 0; + unsigned int entry = 0; + while (state < num_states) + { + if (unlikely (!c->check_array (states + state * nClasses, + states[0].static_size, + nClasses * (num_states - state)))) + return_trace (false); + { /* Sweep new states. */ + const HBUSHORT *stop = &states[num_states * nClasses]; + for (const HBUSHORT *p = &states[state * nClasses]; p < stop; p++) + num_entries = MAX<unsigned int> (num_entries, *p + 1); + state = num_states; + } + + if (unlikely (!c->check_array (entries + entry, + entries[0].static_size, + num_entries - entry))) + return_trace (false); + { /* Sweep new entries. */ + const Entry<Extra> *stop = &entries[num_entries]; + for (const Entry<Extra> *p = &entries[entry]; p < stop; p++) + num_states = MAX<unsigned int> (num_states, p->newState + 1); + entry = num_entries; + } + } + + return_trace (true); } protected: _______________________________________________ HarfBuzz mailing list HarfBuzz@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/harfbuzz