Disallow null-enabled offsets to unsized structures...

...like UnsizedArrayOf<>.

This fixes a class of crasher bugs, mostly with color and AAT tables.  We
cannot use nullable offsets to varsized data that does not declare min_size,
because it's nost safe to use our fixed-size null pool for types that have
their size external.  So, use non_null'able offsets for these.

A further enhancement would be to make use of min_size in Null<> itself.
Will try that after.

1 files changed, 4 insertions, 4 deletions

diff --git a/src/hb-ot-color-cpal-table.hh b/src/hb-ot-color-cpal-table.hh
index 2c9fced0..e354ced5 100644
--- a/src/hb-ot-color-cpal-table.hh
+++ b/src/hb-ot-color-cpal-table.hh
@@ -118,15 +118,15 @@ struct CPALV1Tail
   }
 
   protected:
-  LOffsetTo<UnsizedArrayOf<HBUINT32> >
+  LOffsetTo<UnsizedArrayOf<HBUINT32>, false>
 		paletteFlagsZ;		/* Offset from the beginning of CPAL table to
 					 * the Palette Type Array. Set to 0 if no array
 					 * is provided. */
-  LOffsetTo<UnsizedArrayOf<HBUINT16> >
+  LOffsetTo<UnsizedArrayOf<HBUINT16>, false>
 		paletteLabelZ;		/* Offset from the beginning of CPAL table to
 					 * the Palette Labels Array. Set to 0 if no
 					 * array is provided. */
-  LOffsetTo<UnsizedArrayOf<HBUINT16> >
+  LOffsetTo<UnsizedArrayOf<HBUINT16>, false>
 		paletteEntryLabelZ;	/* Offset from the beginning of CPAL table to
 					 * the Palette Entry Label Array. Set to 0
 					 * if no array is provided. */
@@ -207,7 +207,7 @@ struct CPAL
   HBUINT16	numPalettes;		/* Number of palettes in the table. */
   HBUINT16	numColorRecords;	/* Total number of color records, combined for
 					 * all palettes. */
-  LOffsetTo<UnsizedArrayOf<BGRAColor> >
+  LOffsetTo<UnsizedArrayOf<BGRAColor>, false>
 		colorRecordsZ;		/* Offset from the beginning of CPAL table to
 					 * the first ColorRecord. */
   UnsizedArrayOf<HBUINT16>