From 2c824d3644e16643c2bbe85fb88f9fb6fed53ce7 Mon Sep 17 00:00:00 2001 From: Behdad Esfahbod Date: Thu, 11 Oct 2018 16:41:01 -0400 Subject: [PATCH] [aat] Fix two wrongs that made a right before! Unfortunately our static asserts (DEFINE_SIZE_STATIC) don't actually fail when used in templates, thanks to SFINAE. Le sighs. Probably fixes https://oss-fuzz.com/v2/testcase-detail/5740171484463104 --- src/hb-aat-layout-common.hh | 4 ++-- src/hb-open-type.hh | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/src/hb-aat-layout-common.hh b/src/hb-aat-layout-common.hh index 5be3d372e..4e3e4d17b 100644 --- a/src/hb-aat-layout-common.hh +++ b/src/hb-aat-layout-common.hh @@ -164,7 +164,7 @@ struct LookupFormat4 } protected: - HBUINT16 format; /* Format identifier--format = 2 */ + HBUINT16 format; /* Format identifier--format = 4 */ VarSizedBinSearchArrayOf > segments; /* The actual segments. These must already be sorted, * according to the first word in each one (the last @@ -187,7 +187,7 @@ struct LookupSingle GlyphID glyph; /* Last GlyphID */ T value; /* The lookup value (only one) */ public: - DEFINE_SIZE_STATIC (4 + T::static_size); + DEFINE_SIZE_STATIC (2 + T::static_size); }; template diff --git a/src/hb-open-type.hh b/src/hb-open-type.hh index 2eae09d5c..0aea6423e 100644 --- a/src/hb-open-type.hh +++ b/src/hb-open-type.hh @@ -833,7 +833,7 @@ struct VarSizedBinSearchArrayOf { TRACE_SANITIZE (this); return_trace (header.sanitize (c) && - Type::static_size >= header.unitSize && + Type::static_size <= header.unitSize && c->check_array (bytesZ.arrayZ, header.nUnits, header.unitSize)); }