diff options
| author | Behdad Esfahbod <behdad@behdad.org> | 2018-10-13 12:20:33 -0400 |
|---|---|---|
| committer | Behdad Esfahbod <behdad@behdad.org> | 2018-10-13 12:20:33 -0400 |
| commit | 6d4b054234b4736ca9927268ee3e2d9a0f8f6ead (patch) | |
| tree | ffecb4dcba6b1bcabc4fc0cb5c43f0fb1d0286b3 | |
| parent | 5733113662e668a25187e0042935d955e44fb488 (diff) | |
[kerx] Use sanitizer instead of handcoded runtime sanitization
| -rw-r--r-- | src/hb-aat-layout-kerx-table.hh | 24 |
1 files changed, 9 insertions, 15 deletions
diff --git a/src/hb-aat-layout-kerx-table.hh b/src/hb-aat-layout-kerx-table.hh index 2004e579..d65f3093 100644 --- a/src/hb-aat-layout-kerx-table.hh +++ b/src/hb-aat-layout-kerx-table.hh @@ -232,11 +232,9 @@ struct KerxSubTableFormat2 unsigned int l = (this+leftClassTable).get_value_or_null (left, num_glyphs); unsigned int r = (this+rightClassTable).get_value_or_null (right, num_glyphs); unsigned int offset = l + r; - const FWORD *v = &StructAtOffset<FWORD> (&(this+array), offset); - if (unlikely ((const char *) v < (const char *) &array || - (const char *) v - (const char *) this > header.length - v->static_size)) - return 0; - return *v; + const FWORD v = StructAtOffset<FWORD> (&(this+array), offset); + if (unlikely (!v.sanitize (&c->sanitizer))) return 0; + return v; } inline bool apply (hb_aat_apply_context_t *c) const @@ -481,11 +479,9 @@ struct KerxSubTableFormat6 unsigned int offset = l + r; if (unlikely (offset < l)) return 0; /* Addition overflow. */ if (unlikely (hb_unsigned_mul_overflows (offset, sizeof (FWORD32)))) return 0; - const FWORD32 *v = &StructAtOffset<FWORD32> (&(this+t.array), offset * sizeof (FWORD32)); - if (unlikely ((const char *) v < (const char *) &t.array || - (const char *) v - (const char *) this > header.length - v->static_size)) - return 0; - return *v; + const FWORD32 &v = StructAtOffset<FWORD32> (&(this+t.array), offset * sizeof (FWORD32)); + if (unlikely (!v.sanitize (&c->sanitizer))) return 0; + return v; } else { @@ -493,11 +489,9 @@ struct KerxSubTableFormat6 unsigned int l = (this+t.rowIndexTable).get_value_or_null (left, num_glyphs); unsigned int r = (this+t.columnIndexTable).get_value_or_null (right, num_glyphs); unsigned int offset = l + r; - const FWORD *v = &StructAtOffset<FWORD> (&(this+t.array), offset * sizeof (FWORD)); - if (unlikely ((const char *) v < (const char *) &t.array || - (const char *) v - (const char *) this > header.length - v->static_size)) - return 0; - return *v; + const FWORD &v = StructAtOffset<FWORD> (&(this+t.array), offset * sizeof (FWORD)); + if (unlikely (!v.sanitize (&c->sanitizer))) return 0; + return v; } } |