AuroraMiddleware/harfbuzz
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

[kerx] Fix bound-checking error introduced a couple commits past

Browse Source
This commit is contained in:
Behdad Esfahbod 2018-10-10 20:41:16 -04:00
parent 339036dd97
commit ca54eba484
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
src/hb-aat-layout-kerx-table.hh
View File

@ -180,7 +180,7 @@ struct KerxSubTableFormat2
unsigned int offset = l + r;
const FWORD *v = &StructAtOffset<FWORD> (&(this+array), offset);
if (unlikely ((const char *) v < (const char *) &array ||
(const char *) v + v->static_size - (const char *) this <= header.length))
(const char *) v + v->static_size - (const char *) this > header.length))
return 0;
return *v;
}
@ -284,7 +284,7 @@ struct KerxSubTableFormat6
unsigned int offset = l + r;
const FWORD32 *v = &StructAtOffset<FWORD32> (&(this+t.array), offset * sizeof (FWORD32));
if (unlikely ((const char *) v < (const char *) &t.array ||
(const char *) v + v->static_size - (const char *) this <= header.length))
(const char *) v + v->static_size - (const char *) this > header.length))
return 0;
return *v;
}
@ -296,7 +296,7 @@ struct KerxSubTableFormat6
unsigned int offset = l + r;
const FWORD *v = &StructAtOffset<FWORD> (&(this+t.array), offset * sizeof (FWORD));
if (unlikely ((const char *) v < (const char *) &t.array ||
(const char *) v + v->static_size - (const char *) this <= header.length))
(const char *) v + v->static_size - (const char *) this > header.length))
return 0;
return *v;
}