-
Notifications
You must be signed in to change notification settings - Fork 8
/
10341.diff
70 lines (63 loc) · 2.31 KB
/
10341.diff
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
commit 67449c39331babb88f7d29d737895d786cd5da33
Author: Behdad Esfahbod <[email protected]>
Date: Fri Sep 14 10:58:00 2018 +0200
Don't dereference offset before check_struct()
diff --git a/src/hb-open-file.hh b/src/hb-open-file.hh
index a1f931d3c..38610a8ec 100644
--- a/src/hb-open-file.hh
+++ b/src/hb-open-file.hh
@@ -358,58 +358,57 @@ struct ResourceTypeRecord
struct ResourceMap
{
inline unsigned int get_face_count (void) const
{
unsigned int count = get_type_count ();
for (unsigned int i = 0; i < count; i++)
{
const ResourceTypeRecord& type = get_type_record (i);
if (type.is_sfnt ())
return type.get_resource_count ();
}
return 0;
}
inline const OpenTypeFontFace& get_face (unsigned int idx,
const void *data_base) const
{
unsigned int count = get_type_count ();
for (unsigned int i = 0; i < count; i++)
{
const ResourceTypeRecord& type = get_type_record (i);
/* The check for idx < count is here because ResourceRecord is NOT null-safe.
* Because an offset of 0 there does NOT mean null. */
if (type.is_sfnt () && idx < type.get_resource_count ())
return type.get_resource_record (idx, &(this+typeList)).get_face (data_base);
}
return Null (OpenTypeFontFace);
}
inline bool sanitize (hb_sanitize_context_t *c, const void *data_base) const
{
TRACE_SANITIZE (this);
- const void *type_base = &(this+typeList);
return_trace (c->check_struct (this) &&
typeList.sanitize (c, this,
- type_base,
+ &(this+typeList),
data_base));
}
private:
inline unsigned int get_type_count (void) const { return (this+typeList).lenM1 + 1; }
inline const ResourceTypeRecord& get_type_record (unsigned int i) const
{ return (this+typeList)[i]; }
protected:
HBUINT8 reserved0[16]; /* Reserved for copy of resource header */
HBUINT32 reserved1; /* Reserved for handle to next resource map */
HBUINT16 resreved2; /* Reserved for file reference number */
HBUINT16 attrs; /* Resource fork attribute */
OffsetTo<ArrayOfM1<ResourceTypeRecord> >
typeList; /* Offset from beginning of map to
* resource type list */
Offset16 nameList; /* Offset from beginning of map to
* resource name list */
public:
DEFINE_SIZE_STATIC (28);
};