-
Notifications
You must be signed in to change notification settings - Fork 8
/
10345.diff
167 lines (151 loc) · 5.61 KB
/
10345.diff
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
commit f8ccb545c47abe8f0f4ed318ff7b5bf176913893
Author: Behdad Esfahbod <[email protected]>
Date: Fri Sep 14 18:59:53 2018 +0200
[dfont] Disable null-processsing for offsets
An offset to unsized arrayis not safe to be redirected to our fixed-sized
null pool. Plus, we want to reject, not repair, bad-looking dfonts.
diff --git a/src/hb-open-file.hh b/src/hb-open-file.hh
index 38610a8ec..8772c79fa 100644
--- a/src/hb-open-file.hh
+++ b/src/hb-open-file.hh
@@ -323,34 +323,34 @@ struct ResourceRecord
struct ResourceTypeRecord
{
inline unsigned int get_resource_count (void) const
{ return tag == HB_TAG_sfnt ? resCountM1 + 1 : 0; }
inline bool is_sfnt (void) const { return tag == HB_TAG_sfnt; }
inline const ResourceRecord& get_resource_record (unsigned int i,
const void *type_base) const
{
return hb_array_t<ResourceRecord> ((type_base+resourcesZ).arrayZ,
get_resource_count ()) [i];
}
inline bool sanitize (hb_sanitize_context_t *c,
const void *type_base,
const void *data_base) const
{
TRACE_SANITIZE (this);
return_trace (c->check_struct (this) &&
resourcesZ.sanitize (c, type_base,
get_resource_count (),
data_base));
}
protected:
Tag tag; /* Resource type. */
HBUINT16 resCountM1; /* Number of resources minus 1. */
- OffsetTo<UnsizedArrayOf<ResourceRecord> >
+ OffsetTo<UnsizedArrayOf<ResourceRecord>, HBUINT16, false>
resourcesZ; /* Offset from beginning of resource type list
* to reference item list for this type. */
public:
DEFINE_SIZE_STATIC (8);
};
@@ -358,57 +358,57 @@ struct ResourceTypeRecord
struct ResourceMap
{
inline unsigned int get_face_count (void) const
{
unsigned int count = get_type_count ();
for (unsigned int i = 0; i < count; i++)
{
const ResourceTypeRecord& type = get_type_record (i);
if (type.is_sfnt ())
return type.get_resource_count ();
}
return 0;
}
inline const OpenTypeFontFace& get_face (unsigned int idx,
const void *data_base) const
{
unsigned int count = get_type_count ();
for (unsigned int i = 0; i < count; i++)
{
const ResourceTypeRecord& type = get_type_record (i);
/* The check for idx < count is here because ResourceRecord is NOT null-safe.
* Because an offset of 0 there does NOT mean null. */
if (type.is_sfnt () && idx < type.get_resource_count ())
return type.get_resource_record (idx, &(this+typeList)).get_face (data_base);
}
return Null (OpenTypeFontFace);
}
inline bool sanitize (hb_sanitize_context_t *c, const void *data_base) const
{
TRACE_SANITIZE (this);
return_trace (c->check_struct (this) &&
typeList.sanitize (c, this,
&(this+typeList),
data_base));
}
private:
inline unsigned int get_type_count (void) const { return (this+typeList).lenM1 + 1; }
inline const ResourceTypeRecord& get_type_record (unsigned int i) const
{ return (this+typeList)[i]; }
protected:
HBUINT8 reserved0[16]; /* Reserved for copy of resource header */
HBUINT32 reserved1; /* Reserved for handle to next resource map */
HBUINT16 resreved2; /* Reserved for file reference number */
HBUINT16 attrs; /* Resource fork attribute */
- OffsetTo<ArrayOfM1<ResourceTypeRecord> >
+ OffsetTo<ArrayOfM1<ResourceTypeRecord>, HBUINT16, false>
typeList; /* Offset from beginning of map to
* resource type list */
Offset16 nameList; /* Offset from beginning of map to
* resource name list */
public:
DEFINE_SIZE_STATIC (28);
};
@@ -416,38 +416,38 @@ struct ResourceMap
struct ResourceForkHeader
{
inline unsigned int get_face_count (void) const
{ return (this+map).get_face_count (); }
inline const OpenTypeFontFace& get_face (unsigned int idx,
unsigned int *base_offset = nullptr) const
{
const OpenTypeFontFace &face = (this+map).get_face (idx, &(this+data));
if (base_offset)
*base_offset = (const char *) &face - (const char *) this;
return face;
}
inline bool sanitize (hb_sanitize_context_t *c) const
{
TRACE_SANITIZE (this);
return_trace (c->check_struct (this) &&
data.sanitize (c, this, dataLen) &&
map.sanitize (c, this, &(this+data)));
}
protected:
- LOffsetTo<UnsizedArrayOf<HBUINT8> >
+ LOffsetTo<UnsizedArrayOf<HBUINT8>, false>
data; /* Offset from beginning of resource fork
* to resource data */
- LOffsetTo<ResourceMap>
+ LOffsetTo<ResourceMap, false>
map; /* Offset from beginning of resource fork
* to resource map */
HBUINT32 dataLen; /* Length of resource data */
HBUINT32 mapLen; /* Length of resource map */
public:
DEFINE_SIZE_STATIC (16);
};
/*
* OpenType Font File
*/
diff --git a/src/hb-open-type.hh b/src/hb-open-type.hh
index 4f16c7d34..2e1e240c6 100644
--- a/src/hb-open-type.hh
+++ b/src/hb-open-type.hh
@@ -306,12 +306,12 @@ struct OffsetTo : Offset<OffsetType, has_null>
/* Set the offset to Null */
inline bool neuter (hb_sanitize_context_t *c) const
{
if (!has_null) return false;
return c->try_set (this, 0);
}
DEFINE_SIZE_STATIC (sizeof(OffsetType));
};
-template <typename Type> struct LOffsetTo : OffsetTo<Type, HBUINT32> {};
+template <typename Type, bool has_null=true> struct LOffsetTo : OffsetTo<Type, HBUINT32, has_null> {};
template <typename Base, typename OffsetType, bool has_null, typename Type>
static inline const Type& operator + (const Base &base, const OffsetTo<Type, OffsetType, has_null> &offset) { return offset (base); }
template <typename Base, typename OffsetType, bool has_null, typename Type>