organicmaps/harfbuzz
13
Fork 0
mirror of https://github.com/harfbuzz/harfbuzz.git synced 2025-04-05 21:45:06 +00:00
Code Issues 1 Projects Releases Wiki Activity Actions 7

[sanitize] Add remaining hb_barrier() annotations

Browse source 
I'm sure I've forgot some. But this is a good start.
This commit is contained in:
Behdad Esfahbod 2023-11-04 15:02:28 -06:00
parent 3a9262cc3d
commit 7ee7e2e340
23 changed files with 93 additions and 14 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
src/hb-ot-cmap-table.hh
View file

@ -556,6 +556,7 @@ struct CmapSubtableFormat4
TRACE_SANITIZE (this);
if (unlikely (!c->check_struct (this)))
return_trace (false);
hb_barrier ();
if (unlikely (!c->check_range (this, length)))
{
@ -1427,6 +1428,7 @@ struct CmapSubtable
{
TRACE_SANITIZE (this);
if (!u.format.sanitize (c)) return_trace (false);
hb_barrier ();
switch (u.format) {
case 0: return_trace (u.format0 .sanitize (c));
case 4: return_trace (u.format4 .sanitize (c));
@ -2060,6 +2062,7 @@ struct cmap
{
TRACE_SANITIZE (this);
return_trace (c->check_struct (this) &&
hb_barrier () &&
likely (version == 0) &&
encodingRecord.sanitize (c, this));
}

2
src/hb-ot-hdmx-table.hh
View file

@ -71,6 +71,7 @@ struct DeviceRecord
{
TRACE_SANITIZE (this);
return_trace (likely (c->check_struct (this) &&
hb_barrier () &&
c->check_range (this, sizeDeviceRecord)));
}
@ -152,6 +153,7 @@ struct hdmx
{
TRACE_SANITIZE (this);
return_trace (c->check_struct (this) &&
hb_barrier () &&
!hb_unsigned_mul_overflows (numRecords, sizeDeviceRecord) &&
min_size + numRecords * sizeDeviceRecord > numRecords * sizeDeviceRecord &&
sizeDeviceRecord >= DeviceRecord::min_size &&

1
src/hb-ot-head-table.hh
View file

@ -103,6 +103,7 @@ struct head
{
TRACE_SANITIZE (this);
return_trace (c->check_struct (this) &&
hb_barrier () &&
version.major == 1 &&
magicNumber == 0x5F0F3CF5u);
}

4
src/hb-ot-hhea-table.hh
View file

@ -50,7 +50,9 @@ struct _hea
bool sanitize (hb_sanitize_context_t *c) const
{
TRACE_SANITIZE (this);
return_trace (c->check_struct (this) && likely (version.major == 1));
return_trace (c->check_struct (this) &&
hb_barrier () &&
likely (version.major == 1));
}
public:

9
src/hb-ot-kern-table.hh
View file

@ -79,6 +79,7 @@ struct KernSubTableFormat3
{
TRACE_SANITIZE (this);
return_trace (c->check_struct (this) &&
hb_barrier () &&
c->check_range (kernValueZ,
kernValueCount * sizeof (FWORD) +
glyphCount * 2 +
@ -147,9 +148,10 @@ struct KernSubTable
bool sanitize (hb_sanitize_context_t *c) const
{
TRACE_SANITIZE (this);
if (unlikely (!u.header.sanitize (c) ||
u.header.length < u.header.min_size ||
!c->check_range (this, u.header.length))) return_trace (false);
if (unlikely (!(u.header.sanitize (c) &&
hb_barrier () &&
u.header.length >= u.header.min_size &&
c->check_range (this, u.header.length)))) return_trace (false);
return_trace (dispatch (c));
}
@ -337,6 +339,7 @@ struct kern
{
TRACE_SANITIZE (this);
if (!u.version32.sanitize (c)) return_trace (false);
hb_barrier ();
return_trace (dispatch (c));
}

2
src/hb-ot-layout-base-table.hh
View file

@ -135,6 +135,7 @@ struct BaseCoord
{
TRACE_SANITIZE (this);
if (unlikely (!u.format.sanitize (c))) return_trace (false);
hb_barrier ();
switch (u.format) {
case 1: return_trace (u.format1.sanitize (c));
case 2: return_trace (u.format2.sanitize (c));
@ -496,6 +497,7 @@ struct BASE
{
TRACE_SANITIZE (this);
return_trace (likely (c->check_struct (this) &&
hb_barrier () &&
likely (version.major == 1) &&
hAxis.sanitize (c, this) &&
vAxis.sanitize (c, this) &&

17
src/hb-ot-layout-common.hh
View file

@ -460,6 +460,7 @@ struct FeatureParamsSize
{
TRACE_SANITIZE (this);
if (unlikely (!c->check_struct (this))) return_trace (false);
hb_barrier ();
/* This subtable has some "history", if you will. Some earlier versions of
* Adobe tools calculated the offset of the FeatureParams subtable from the
@ -826,6 +827,7 @@ struct Feature
TRACE_SANITIZE (this);
if (unlikely (!(c->check_struct (this) && lookupIndex.sanitize (c))))
return_trace (false);
hb_barrier ();
/* Some earlier versions of Adobe tools calculated the offset of the
* FeatureParams subtable from the beginning of the FeatureList table!
@ -844,6 +846,7 @@ struct Feature
unsigned int orig_offset = featureParams;
if (unlikely (!featureParams.sanitize (c, this, closure ? closure->tag : HB_TAG_NONE)))
return_trace (false);
hb_barrier ();
if (featureParams == 0 && closure &&
closure->tag == HB_TAG ('s','i','z','e') &&
@ -906,7 +909,8 @@ struct Record
{
TRACE_SANITIZE (this);
const Record_sanitize_closure_t closure = {tag, base};
return_trace (c->check_struct (this) && offset.sanitize (c, base, &closure));
return_trace (c->check_struct (this) &&
offset.sanitize (c, base, &closure));
}
Tag tag; /* 4-byte Tag identifier */
@ -1407,6 +1411,7 @@ struct Lookup
{
TRACE_SANITIZE (this);
if (!(c->check_struct (this) && subTable.sanitize (c))) return_trace (false);
hb_barrier ();
unsigned subtables = get_subtable_count ();
if (unlikely (!c->visit_subtables (subtables))) return_trace (false);
@ -1422,6 +1427,8 @@ struct Lookup
if (unlikely (get_type () == TSubTable::Extension && !c->get_edit_count ()))
{
hb_barrier ();
/* The spec says all subtables of an Extension lookup should
* have the same type, which shall not be the Extension type
* itself (but we already checked for that).
@ -2172,6 +2179,7 @@ struct ClassDef
{
TRACE_SANITIZE (this);
if (!u.format.sanitize (c)) return_trace (false);
hb_barrier ();
switch (u.format) {
case 1: return_trace (u.format1.sanitize (c));
case 2: return_trace (u.format2.sanitize (c));
@ -2550,7 +2558,9 @@ struct VarRegionList
bool sanitize (hb_sanitize_context_t *c) const
{
TRACE_SANITIZE (this);
return_trace (c->check_struct (this) && axesZ.sanitize (c, axisCount * regionCount));
return_trace (c->check_struct (this) &&
hb_barrier () &&
axesZ.sanitize (c, axisCount * regionCount));
}
bool serialize (hb_serialize_context_t *c,
@ -2744,6 +2754,7 @@ struct VarData
TRACE_SANITIZE (this);
return_trace (c->check_struct (this) &&
regionIndices.sanitize (c) &&
hb_barrier () &&
wordCount () <= regionIndices.len &&
c->check_range (get_delta_bytes (),
itemCount,
@ -3093,6 +3104,7 @@ struct VariationStore
TRACE_SANITIZE (this);
return_trace (c->check_struct (this) &&
hb_barrier () &&
format == 1 &&
regions.sanitize (c, this) &&
dataSets.sanitize (c, this));
@ -3442,6 +3454,7 @@ struct Condition
{
TRACE_SANITIZE (this);
if (!u.format.sanitize (c)) return_trace (false);
hb_barrier ();
switch (u.format) {
case 1: return_trace (u.format1.sanitize (c));
default:return_trace (true);

10
src/hb-ot-layout-gsubgpos.hh
View file

@ -2051,6 +2051,7 @@ struct Rule
{
TRACE_SANITIZE (this);
return_trace (c->check_struct (this) &&
hb_barrier () &&
c->check_range (inputZ.arrayZ,
inputZ.item_size * (inputCount ? inputCount - 1 : 0) +
LookupRecord::static_size * lookupCount));
@ -2826,6 +2827,7 @@ struct ContextFormat3
{
TRACE_SANITIZE (this);
if (unlikely (!c->check_struct (this))) return_trace (false);
hb_barrier ();
unsigned int count = glyphCount;
if (unlikely (!count)) return_trace (false); /* We want to access coverageZ[0] freely. */
if (unlikely (!c->check_array (coverageZ.arrayZ, count))) return_trace (false);
@ -3219,10 +3221,13 @@ struct ChainRule
TRACE_SANITIZE (this);
/* Hyper-optimized sanitized because this is really hot. */
if (unlikely (!backtrack.len.sanitize (c))) return_trace (false);
hb_barrier ();
const auto &input = StructAfter<decltype (inputX)> (backtrack);
if (unlikely (!input.lenP1.sanitize (c))) return_trace (false);
hb_barrier ();
const auto &lookahead = StructAfter<decltype (lookaheadX)> (input);
if (unlikely (!lookahead.len.sanitize (c))) return_trace (false);
hb_barrier ();
const auto &lookup = StructAfter<decltype (lookupX)> (lookahead);
return_trace (likely (lookup.sanitize (c)));
}
@ -4121,11 +4126,14 @@ struct ChainContextFormat3
{
TRACE_SANITIZE (this);
if (unlikely (!backtrack.sanitize (c, this))) return_trace (false);
hb_barrier ();
const auto &input = StructAfter<decltype (inputX)> (backtrack);
if (unlikely (!input.sanitize (c, this))) return_trace (false);
hb_barrier ();
if (unlikely (!input.len)) return_trace (false); /* To be consistent with Context. */
const auto &lookahead = StructAfter<decltype (lookaheadX)> (input);
if (unlikely (!lookahead.sanitize (c, this))) return_trace (false);
hb_barrier ();
const auto &lookup = StructAfter<decltype (lookupX)> (lookahead);
return_trace (likely (lookup.sanitize (c)));
}
@ -4209,6 +4217,7 @@ struct ExtensionFormat1
{
TRACE_SANITIZE (this);
return_trace (c->check_struct (this) &&
hb_barrier () &&
extensionLookupType != T::SubTable::Extension);
}
@ -4506,6 +4515,7 @@ struct GSUBGPOS
{
TRACE_SANITIZE (this);
if (unlikely (!u.version.sanitize (c))) return_trace (false);
hb_barrier ();
switch (u.version.major) {
case 1: return_trace (u.version1.sanitize<TLookup> (c));
#ifndef HB_NO_BEYOND_64K

1
src/hb-ot-layout-jstf-table.hh
View file

@ -214,6 +214,7 @@ struct JSTF
{
TRACE_SANITIZE (this);
return_trace (version.sanitize (c) &&
hb_barrier () &&
likely (version.major == 1) &&
scriptList.sanitize (c, this));
}

3
src/hb-ot-math-table.hh
View file

@ -333,6 +333,7 @@ struct MathKern
{
TRACE_SANITIZE (this);
return_trace (c->check_struct (this) &&
hb_barrier () &&
c->check_array (mathValueRecordsZ.arrayZ, 2 * heightCount + 1) &&
sanitize_math_value_records (c));
}
@ -984,6 +985,7 @@ struct MathVariants
return_trace (c->check_struct (this) &&
vertGlyphCoverage.sanitize (c, this) &&
horizGlyphCoverage.sanitize (c, this) &&
hb_barrier () &&
c->check_array (glyphConstruction.arrayZ, vertGlyphCount + horizGlyphCount) &&
sanitize_offsets (c));
}
@ -1103,6 +1105,7 @@ struct MATH
TRACE_SANITIZE (this);
return_trace (version.sanitize (c) &&
likely (version.major == 1) &&
hb_barrier () &&
mathConstants.sanitize (c, this) &&
mathGlyphInfo.sanitize (c, this) &&
mathVariants.sanitize (c, this));

3
src/hb-ot-maxp-table.hh
View file

@ -85,7 +85,7 @@ struct maxp
TRACE_SANITIZE (this);
if (unlikely (!c->check_struct (this)))
return_trace (false);
hb_barrier ();
if (version.major == 1)
{
const maxpV1Tail &v1 = StructAfter<maxpV1Tail> (*this);
@ -103,6 +103,7 @@ struct maxp
maxp_prime->numGlyphs = hb_min (c->plan->num_output_glyphs (), 0xFFFFu);
if (maxp_prime->version.major == 1)
{
hb_barrier ();
const maxpV1Tail *src_v1 = &StructAfter<maxpV1Tail> (*this);
maxpV1Tail *dest_v1 = c->serializer->embed<maxpV1Tail> (src_v1);
if (unlikely (!dest_v1)) return_trace (false);

2
src/hb-ot-meta-table.hh
View file

@ -51,6 +51,7 @@ struct DataMap
{
TRACE_SANITIZE (this);
return_trace (likely (c->check_struct (this) &&
hb_barrier () &&
dataZ.sanitize (c, base, dataLength)));
}
@ -101,6 +102,7 @@ struct meta
{
TRACE_SANITIZE (this);
return_trace (likely (c->check_struct (this) &&
hb_barrier () &&
version == 1 &&
dataMaps.sanitize (c, this)));
}

8
src/hb-ot-os2-table.hh
View file

@ -239,6 +239,7 @@ struct OS2
if (os2_prime->version >= 2)
{
hb_barrier ();
auto *table = & const_cast<OS2V2Tail &> (os2_prime->v2 ());
HB_ADD_MVAR_VAR (HB_OT_METRICS_TAG_X_HEIGHT, sxHeight);
HB_ADD_MVAR_VAR (HB_OT_METRICS_TAG_CAP_HEIGHT, sCapHeight);
@ -334,9 +335,10 @@ struct OS2
{
TRACE_SANITIZE (this);
if (unlikely (!c->check_struct (this))) return_trace (false);
if (unlikely (version >= 1 && !v1X.sanitize (c))) return_trace (false);
if (unlikely (version >= 2 && !v2X.sanitize (c))) return_trace (false);
if (unlikely (version >= 5 && !v5X.sanitize (c))) return_trace (false);
hb_barrier ();
if (unlikely (version >= 1 && hb_barrier () && !v1X.sanitize (c))) return_trace (false);
if (unlikely (version >= 2 && hb_barrier () && !v2X.sanitize (c))) return_trace (false);
if (unlikely (version >= 5 && hb_barrier () && !v5X.sanitize (c))) return_trace (false);
return_trace (true);
}

20
src/hb-ot-post-table.hh
View file

@ -122,7 +122,10 @@ struct post
}
if (glyph_names && version.major == 2)
{
hb_barrier ();
return_trace (v2X.subset (c));
}
return_trace (true);
}
@ -138,6 +141,7 @@ struct post
version = table->version.to_int ();
if (version != 0x00020000) return;
hb_barrier ();
const postV2Tail &v2 = table->v2X;
@ -217,10 +221,16 @@ struct post
unsigned int get_glyph_count () const
{
if (version == 0x00010000)
{
hb_barrier ();
return format1_names_length;
}
if (version == 0x00020000)
{
hb_barrier ();
return glyphNameIndex->len;
}
return 0;
}
@ -245,13 +255,18 @@ struct post
{
if (version == 0x00010000)
{
hb_barrier ();
if (glyph >= format1_names_length)
return hb_bytes_t ();
return format1_names (glyph);
}
if (version != 0x00020000 || glyph >= glyphNameIndex->len)
if (version != 0x00020000)
return hb_bytes_t ();
hb_barrier ();
if (glyph >= glyphNameIndex->len)
return hb_bytes_t ();
unsigned int index = glyphNameIndex->arrayZ[glyph];
@ -284,8 +299,9 @@ struct post
{
TRACE_SANITIZE (this);
return_trace (c->check_struct (this) &&
hb_barrier () &&
(version.to_int () == 0x00010000 ||
(version.to_int () == 0x00020000 && v2X.sanitize (c)) ||
(version.to_int () == 0x00020000 && hb_barrier () && v2X.sanitize (c)) ||
version.to_int () == 0x00030000));
}

3
src/hb-ot-stat-table.hh
View file

@ -327,6 +327,7 @@ struct AxisValueFormat4
{
TRACE_SANITIZE (this);
return_trace (likely (c->check_struct (this) &&
hb_barrier () &&
axisValues.sanitize (c, axisCount)));
}
@ -416,6 +417,7 @@ struct AxisValue
TRACE_SANITIZE (this);
if (unlikely (!c->check_struct (this)))
return_trace (false);
hb_barrier ();
switch (u.format)
{
@ -560,6 +562,7 @@ struct STAT
{
TRACE_SANITIZE (this);
return_trace (likely (c->check_struct (this) &&
hb_barrier () &&
version.major == 1 &&
version.minor > 0 &&
designAxesOffset.sanitize (c, this, designAxisCount) &&

3
src/hb-ot-var-avar-table.hh
View file

@ -273,6 +273,7 @@ struct avar
{
TRACE_SANITIZE (this);
if (!(version.sanitize (c) &&
hb_barrier () &&
(version.major == 1
#ifndef HB_NO_AVAR2
|| version.major == 2
@ -293,6 +294,7 @@ struct avar
#ifndef HB_NO_AVAR2
if (version.major < 2)
return_trace (true);
hb_barrier ();
const auto &v2 = * (const avarV2Tail *) map;
if (unlikely (!v2.sanitize (c, this)))
@ -316,6 +318,7 @@ struct avar
#ifndef HB_NO_AVAR2
if (version.major < 2)
return;
hb_barrier ();
for (; count < axisCount; count++)
map = &StructAfter<SegmentMaps> (*map);

2
src/hb-ot-var-common.hh
View file

@ -119,6 +119,7 @@ struct DeltaSetIndexMapFormat01
{
TRACE_SANITIZE (this);
return_trace (c->check_struct (this) &&
hb_barrier () &&
c->check_range (mapDataZ.arrayZ,
mapCount,
get_width ()));
@ -191,6 +192,7 @@ struct DeltaSetIndexMap
{
TRACE_SANITIZE (this);
if (!u.format.sanitize (c)) return_trace (false);
hb_barrier ();
switch (u.format) {
case 0: return_trace (u.format0.sanitize (c));
case 1: return_trace (u.format1.sanitize (c));

3
src/hb-ot-var-cvar-table.hh
View file

@ -45,7 +45,8 @@ struct cvar
{
TRACE_SANITIZE (this);
return_trace (c->check_struct (this) &&
version.sanitize (c) && likely (version.major == 1) &&
hb_barrier () &&
likely (version.major == 1) &&
tupleVariationData.sanitize (c));
}

3
src/hb-ot-var-fvar-table.hh
View file

@ -131,6 +131,7 @@ struct InstanceRecord
{
TRACE_SANITIZE (this);
return_trace (c->check_struct (this) &&
hb_barrier () &&
c->check_array (coordinatesZ.arrayZ, axis_count));
}
@ -277,8 +278,10 @@ struct fvar
{
TRACE_SANITIZE (this);
return_trace (version.sanitize (c) &&
hb_barrier () &&
likely (version.major == 1) &&
c->check_struct (this) &&
hb_barrier () &&
axisSize == 20 && /* Assumed in our code. */
instanceSize >= axisCount * 4 + 4 &&
get_axes ().sanitize (c) &&

4
src/hb-ot-var-gvar-table.hh
View file

@ -296,7 +296,9 @@ struct gvar
bool sanitize_shallow (hb_sanitize_context_t *c) const
{
TRACE_SANITIZE (this);
return_trace (c->check_struct (this) && (version.major == 1) &&
return_trace (c->check_struct (this) &&
hb_barrier () &&
(version.major == 1) &&
sharedTuples.sanitize (c, this, axisCount * sharedTupleCount) &&
(is_long_offset () ?
c->check_array (get_long_offset_array (), c->get_num_glyphs () + 1) :

1
src/hb-ot-var-hvar-table.hh
View file

@ -288,6 +288,7 @@ struct HVARVVAR
{
TRACE_SANITIZE (this);
return_trace (version.sanitize (c) &&
hb_barrier () &&
likely (version.major == 1) &&
varStore.sanitize (c, this) &&
advMap.sanitize (c, this) &&

2
src/hb-ot-var-mvar-table.hh
View file

@ -77,8 +77,10 @@ struct MVAR
{
TRACE_SANITIZE (this);
return_trace (version.sanitize (c) &&
hb_barrier () &&
likely (version.major == 1) &&
c->check_struct (this) &&
hb_barrier () &&
valueRecordSize >= VariationValueRecord::static_size &&
varStore.sanitize (c, this) &&
c->check_range (valuesZ.arrayZ,

1
src/hb-ot-vorg-table.hh
View file

@ -117,6 +117,7 @@ struct VORG
{
TRACE_SANITIZE (this);
return_trace (c->check_struct (this) &&
hb_barrier () &&
version.major == 1 &&
vertYOrigins.sanitize (c));
}