From 4479d3a2eda57d278700f5c78414ef6ef617d2a9 Mon Sep 17 00:00:00 2001
From: Behdad Esfahbod
Date: Thu, 13 Sep 2018 19:05:59 +0200
Subject: [PATCH] [dfon]t Sanitize OpenTypeFontFace
---
 src/hb-dsalgs.hh | 6 ------
 src/hb-open-file.hh | 21 +++++++++------------
 2 files changed, 9 insertions(+), 18 deletions(-)
diff --git a/src/hb-dsalgs.hh b/src/hb-dsalgs.hh
index 692002e9a..eb15c089e 100644
--- a/src/hb-dsalgs.hh
+++ b/src/hb-dsalgs.hh
@@ -537,12 +537,6 @@ struct hb_bytes_t
 inline void free (void) { ::free ((void *) arrayZ); arrayZ = nullptr; len = 0; }
- template
- inline const Type* as (void) const
- {
- return unlikely (!arrayZ) ? &Null(Type) : reinterpret_cast (arrayZ);
- }
-
 inline int cmp (const hb_bytes_t &a) const
 {
 if (len != a.len)
diff --git a/src/hb-open-file.hh b/src/hb-open-file.hh
index 92dca3f89..ce39bfc9d 100644
--- a/src/hb-open-file.hh
+++ b/src/hb-open-file.hh
@@ -293,15 +293,16 @@ struct TTCHeader
 struct ResourceRecord
 {
- inline const hb_bytes_t get_data (const void *data_base) const
- { return hb_bytes_t (data_base+offset); }
+ inline const OpenTypeFontFace & get_face (const void *data_base) const
+ { return CastR ((data_base+offset).arrayZ); }
 inline bool sanitize (hb_sanitize_context_t *c, const void *data_base) const
 {
 TRACE_SANITIZE (this);
 return_trace (c->check_struct (this) &&
- offset.sanitize (c, data_base));
+ offset.sanitize (c, data_base) &&
+ get_face (data_base).sanitize (c));
 }
 protected:
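Review bot: `ResourceRecord::sanitize` now runs `get_face (data_base).sanitize (c)` on every record it is asked to check, but a record carries no type tag, so the call is only correct when the caller has already limited the records to 'sfnt' resources. That restriction appears to come from `get_resource_count ()` returning 0 for other tags in the next hunk, through code that is outside this patch; a comment at `get_face` such as `/* Valid only for records of an 'sfnt' type; the resource data is treated as an OpenTypeFontFace. */` would keep the dependency visible. The face is also sanitized with only the context `c`, not with the length of the resource data that `offset` points to, so a face whose tables run past its own resource would presumably still pass as long as it stays inside the sanitizer's range; worth confirming that this is intended.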
@@ -317,11 +318,13 @@ struct ResourceRecord
 DEFINE_SIZE_STATIC (12);
 };
+#define HB_TAG_sfnt HB_TAG ('s','f','n','t')
+
 struct ResourceTypeRecord
 {
- inline unsigned int get_resource_count () const { return resCountM1 + 1; }
+ inline unsigned int get_resource_count () const { return tag == HB_TAG_sfnt ? resCountM1 + 1 : 0; }
- inline bool is_sfnt () const { return tag == HB_TAG ('s','f','n','t'); }
+ inline bool is_sfnt () const { return tag == HB_TAG_sfnt; }
 inline const ResourceRecord& get_resource_record (unsigned int i, const void *type_base) const
@@ -409,10 +412,6 @@ struct ResourceForkHeader
 return 0;
 }
- inline const hb_bytes_t get_data (const ResourceTypeRecord& type,
- unsigned int idx) const
- { return (this+map).get_resource_record (type, idx).get_data (&(this+data)); }
-
 inline const OpenTypeFontFace& get_face (unsigned int idx, unsigned int *base_offset = nullptr) const
 {
@@ -423,7 +422,7 @@ struct ResourceForkHeader
 const ResourceTypeRecord& type = resource_map.get_type_record (i);
 if (type.is_sfnt () && idx < type.get_resource_count ())
 {
- const OpenTypeFontFace &face = *get_data (type, idx).as ();
+ const OpenTypeFontFace &face = resource_map.get_resource_record (type, idx).get_face (&(this+data));
 if (base_offset) *base_offset = (const char *) &face - (const char *) this;
 return face;
@@ -437,8 +436,6 @@ struct ResourceForkHeader
 TRACE_SANITIZE (this);
 return_trace (c->check_struct (this) && map.sanitize (c, this, &(this+data)));
-
- // XXX Sanitize OpenTypeFontFace's
 }
 protected:
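Review bot: `get_resource_count ()` in `ResourceTypeRecord` now reports 0 for every type other than 'sfnt', so its name no longer says what it returns and any caller that counts resources of another type will silently see none. If the purpose is to keep non-font resources away from the new face check in `ResourceRecord::sanitize`, state that at the accessor, for example `/* Counts only 'sfnt' resources; other types report zero records so their data is never read as a font. */`. The hunk at -423 still tests `type.is_sfnt () && idx < type.get_resource_count ()`, where the first half is now implied by the second. The struct body continues outside this hunk, so other users of the count are not visible here.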