AuroraMiddleware/harfbuzz
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

[name] Sanitize records for reals

Browse Source 
Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14641
This commit is contained in:
Behdad Esfahbod 2019-05-08 12:45:02 -07:00
parent 5875d775e1
commit 503748d8a8
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/hb-ot-name-table.hh
View File

@ -220,7 +220,6 @@ struct name
{ {
TRACE_SANITIZE (this); TRACE_SANITIZE (this);
const void *string_pool = (this+stringOffset).arrayZ; const void *string_pool = (this+stringOffset).arrayZ;
/* TODO: Move to run-time?! */
return_trace (nameRecordZ.sanitize (c, count, string_pool)); return_trace (nameRecordZ.sanitize (c, count, string_pool));
} }
@ -230,7 +229,8 @@ struct name
return_trace (c->check_struct (this) && return_trace (c->check_struct (this) &&
likely (format == 0 || format == 1) && likely (format == 0 || format == 1) &&
c->check_array (nameRecordZ.arrayZ, count) && c->check_array (nameRecordZ.arrayZ, count) &&
c->check_range (this, stringOffset)); c->check_range (this, stringOffset) &&
sanitize_records (c));
} }
struct accelerator_t struct accelerator_t