[name] Sanitize records for reals

Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14641
Behdad Esfahbod 2019-05-08 12:45:02 -07:00
parent 5875d775e1
commit 503748d8a8


@ -220,7 +220,6 @@ struct name
{
TRACE_SANITIZE (this);
const void *string_pool = (this+stringOffset).arrayZ;
/* TODO: Move to run-time?! */
return_trace (nameRecordZ.sanitize (c, count, string_pool));
}
@ -230,7 +229,8 @@ struct name
return_trace (c->check_struct (this) &&
likely (format == 0 || format == 1) &&
c->check_array (nameRecordZ.arrayZ, count) &&
c->check_range (this, stringOffset));
c->check_range (this, stringOffset) &&
sanitize_records (c));
}
struct accelerator_t
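Review bot: The new `sanitize_records (c)` call at the end of the check chain is only safe because of `&&` short-circuiting: `(this+stringOffset).arrayZ` in sanitize_records forms a pointer from stringOffset, so `c->check_range (this, stringOffset)` must have succeeded first, and `nameRecordZ.sanitize (c, count, string_pool)` walks count records, so `c->check_array (nameRecordZ.arrayZ, count)` must also have passed. Nothing in the code records that this ordering is load-bearing, and a later reordering of the conjuncts would silently reintroduce the out-of-bounds read this commit fixes. I would put a comment at the top of sanitize_records's body (first hunk), e.g. `/* Must be called only after check_range (this, stringOffset) and check_array (nameRecordZ.arrayZ, count) have passed: the pool pointer and record walk below assume it. */`. Whether nameRecordZ.sanitize bounds each record's own offset and length against the pool is outside these hunks and should be confirmed, since string_pool alone only fixes the pool's start.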