Mozilla bug 580233 - check for zero-length record in hb sanitizer.
Patch / report by Jonathan Kew.
parent
17e9ff938b
commit
4f801bd658
@ -229,7 +229,7 @@ struct hb_sanitize_context_t
|
|||||||
inline bool check_array (const void *base, unsigned int record_size, unsigned int len) const
|
inline bool check_array (const void *base, unsigned int record_size, unsigned int len) const
|
||||||
{
|
{
|
||||||
const char *p = (const char *) base;
|
const char *p = (const char *) base;
|
||||||
bool overflows = len >= ((unsigned int) -1) / record_size;
|
bool overflows = record_size > 0 && len >= ((unsigned int) -1) / record_size;
|
||||||
|
|
||||||
if (HB_DEBUG_SANITIZE && (int) this->debug_depth < (int) HB_DEBUG_SANITIZE)
|
if (HB_DEBUG_SANITIZE && (int) this->debug_depth < (int) HB_DEBUG_SANITIZE)
|
||||||
fprintf (stderr, "SANITIZE(%p) %-*d-> array [%p..%p] (%d*%d=%ld bytes) in [%p..%p] -> %s\n", \
|
fprintf (stderr, "SANITIZE(%p) %-*d-> array [%p..%p] (%d*%d=%ld bytes) in [%p..%p] -> %s\n", \
|
||||||
|
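Review bot: The new `record_size > 0 &&` guard on the `overflows` line is not explained in the code, so a later cleanup could drop it and bring back the division by zero for a zero-length record. I would add a comment above it such as `/* record_size may be 0 (zero-length record); skip the division, since 0 * len cannot overflow */`. With `record_size == 0`, every `len` now passes this test and the array is treated as spanning zero bytes. Callers that later walk `len` entries should therefore be confirmed not to depend on `check_array` to bound `len`; that cannot be checked from here. The body of `check_array` continues outside the hunk, so the range check that consumes `overflows` is not visible.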