From 70110f6aaac541bc157eb5612b476d3b906b5d2a Mon Sep 17 00:00:00 2001
From: Behdad Esfahbod
Date: Wed, 31 Mar 2021 17:04:02 -0600
Subject: [PATCH] Modify OffsetTo<>::sanitize() overflow check

The code in question was introduced in 70eb2ff682. Rewrite it to not call sanitizer check_range() as we want to use check_range() for byte accounting. Part of https://github.com/harfbuzz/harfbuzz/pull/2923
---
 src/hb-open-type.hh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/hb-open-type.hh b/src/hb-open-type.hh
index ab25e9671..42eb8af05 100644
--- a/src/hb-open-type.hh
+++ b/src/hb-open-type.hh
@@ -387,7 +387,7 @@ struct OffsetTo : Offset
 TRACE_SANITIZE (this);
 if (unlikely (!c->check_struct (this))) return_trace (false);
 if (unlikely (this->is_null ())) return_trace (true);
- if (unlikely (!c->check_range (base, *this))) return_trace (false);
+ if (unlikely ((const char *) base + (unsigned) *this < (const char *) base)) return_trace (false);
 return_trace (true);
 }
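Review bot: The added line detects address wrap by comparing `(const char *) base + (unsigned) *this` against `base`, but forming a pointer past the end of the object is undefined behaviour in C++, so an optimiser may fold `p + u < p` (unsigned `u`) to false and remove the test, leaving the sanitizer without the guard this commit intends to keep. Doing the same check in integer arithmetic is well-defined and preserves the intent: `if (unlikely ((uintptr_t) base + (unsigned) *this < (uintptr_t) base)) return_trace (false);`. Note also that the removed `check_range (base, *this)` bounded the offset against the sanitizer's end pointer as well as against wrap, whereas the new line only catches wrap, so the upper bound presumably has to be enforced by the target's own sanitize call further down — worth confirming. The enclosing sanitize method's signature is outside the hunk.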