Fix possible overflow in bsearch impls
From bungeman. Fixes https://github.com/harfbuzz/harfbuzz/pull/1314
parent
94e421abbf
commit
21ede867df
@ -321,7 +321,7 @@ hb_bsearch_r (const void *key, const void *base,
|
||||
int min = 0, max = (int) nmemb - 1;
|
||||
while (min <= max)
|
||||
{
|
||||
int mid = (min + max) / 2;
|
||||
int mid = ((unsigned int) min + (unsigned int) max) / 2;
|
||||
const void *p = (const void *) (((const char *) base) + (mid * size));
|
||||
int c = compar (key, p, arg);
|
||||
if (c < 0)
|
||||
|
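Review bot: The narrowing in `int min = 0, max = (int) nmemb - 1;` is left as is, so the unsigned midpoint on the new `int mid` line is only sound while the element count fits in `int`. If `nmemb` is wider than `int` (its type is outside the hunk; `size_t` is likely for a bsearch-style signature), a count above `INT_MAX` is changed by the cast, and a cast result of `INT_MIN` makes the `- 1` itself overflow. An early not-found return for `nmemb > INT_MAX` before that line, or bounds kept in the count's own unsigned type, would close the gap. The same `(int) … - 1` pattern is visible at `this->len`, `header.nUnits` and `count` in the later sections, and is worth checking against the widths of those length fields. The body of hb_bsearch_r continues past the hunk.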
@ -702,7 +702,7 @@ struct SortedArrayOf : ArrayOf<Type, LenType>
|
||||
int min = 0, max = (int) this->len - 1;
|
||||
while (min <= max)
|
||||
{
|
||||
int mid = (min + max) / 2;
|
||||
int mid = ((unsigned int) min + (unsigned int) max) / 2;
|
||||
int c = arr[mid].cmp (x);
|
||||
if (c < 0)
|
||||
max = mid - 1;
|
||||
@ -825,7 +825,7 @@ struct VarSizedBinSearchArrayOf
|
||||
int min = 0, max = (int) header.nUnits - 1;
|
||||
while (min <= max)
|
||||
{
|
||||
int mid = (min + max) / 2;
|
||||
int mid = ((unsigned int) min + (unsigned int) max) / 2;
|
||||
const Type *p = (const Type *) (((const char *) &bytesZ) + (mid * size));
|
||||
int c = p->cmp (key);
|
||||
if (c < 0)
|
||||
|
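Review bot: The new `int mid` lines carry no comment saying why the operands are cast, and the cast is only correct because `min` and `max` are both non-negative inside `while (min <= max)`, as far as the visible lines show. I would add `/* min and max are >= 0 here, so the unsigned sum cannot wrap and its half fits in int. */` above the line in both hunks of this section and at the other four sites in the commit, so the casts are not later removed as noise. Both loop bodies continue past their hunks.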
@ -249,7 +249,7 @@ struct CmapSubtableFormat4
|
||||
unsigned int i;
|
||||
while (min <= max)
|
||||
{
|
||||
int mid = (min + max) / 2;
|
||||
int mid = ((unsigned int) min + (unsigned int) max) / 2;
|
||||
if (codepoint < startCount[mid])
|
||||
max = mid - 1;
|
||||
else if (codepoint > endCount[mid])
|
||||
|
@ -663,7 +663,7 @@ struct PairSet
|
||||
int min = 0, max = (int) count - 1;
|
||||
while (min <= max)
|
||||
{
|
||||
int mid = (min + max) / 2;
|
||||
int mid = ((unsigned int) min + (unsigned int) max) / 2;
|
||||
const PairValueRecord *record = &StructAtOffset<PairValueRecord> (&firstPairValueRecord, record_size * mid);
|
||||
hb_codepoint_t mid_x = record->secondGlyph;
|
||||
if (x < mid_x)
|
||||
|
@ -232,7 +232,7 @@ struct hb_vector_t
|
||||
const Type *array = this->arrayZ();
|
||||
while (min <= max)
|
||||
{
|
||||
int mid = (min + max) / 2;
|
||||
int mid = ((unsigned int) min + (unsigned int) max) / 2;
|
||||
int c = array[mid].cmp (&x);
|
||||
if (c < 0)
|
||||
max = mid - 1;
|
||||
|