diff --git a/src/hb-aat-layout-common.hh b/src/hb-aat-layout-common.hh
index 8191df4ca..adc7538c9 100644
--- a/src/hb-aat-layout-common.hh
+++ b/src/hb-aat-layout-common.hh
@@ -557,7 +557,9 @@ struct StateTable
 /* Negative states. */
 if (unlikely (hb_unsigned_mul_overflows (min_state, num_classes)))
 return_trace (false);
- if (unlikely (!c->check_array (&states[min_state * num_classes], -min_state, row_stride)))
+ if (unlikely (!c->check_range (&states[min_state * num_classes],
+ -min_state,
+ row_stride)))
 return_trace (false);
 if ((c->max_ops -= state_neg - min_state) < 0)
 return_trace (false);
@@ -574,7 +576,9 @@ struct StateTable
 if (state_pos <= max_state)
 {
 /* Positive states. */
- if (unlikely (!c->check_array (states, max_state + 1, row_stride)))
+ if (unlikely (!c->check_range (states,
+ max_state + 1,
+ row_stride)))
 return_trace (false);
 if ((c->max_ops -= max_state - state_pos + 1) < 0)
 return_trace (false);
diff --git a/src/hb-machinery.hh b/src/hb-machinery.hh
index 6155c0128..fa2c7b3a1 100644
--- a/src/hb-machinery.hh
+++ b/src/hb-machinery.hh
@@ -317,22 +317,37 @@ struct hb_sanitize_context_t :
 }
 
 template
- inline bool check_array (const T *base,
- unsigned int len,
- unsigned int record_size = T::static_size) const
+ inline bool check_range (const T *base,
+ unsigned int a,
+ unsigned int b) const
 {
- return !hb_unsigned_mul_overflows (len, record_size) &&
- this->check_range (base, len * record_size);
+ return !hb_unsigned_mul_overflows (a, b) &&
+ this->check_range (base, a * b);
+ }
+
+ template
+ inline bool check_range (const T *base,
+ unsigned int a,
+ unsigned int b,
+ unsigned int c) const
+ {
+ return !hb_unsigned_mul_overflows (a, b) &&
+ this->check_range (base, a * b, c);
+ }
+
+ template
+ inline bool check_array (const T *base,
+ unsigned int len) const
+ {
+ return this->check_range (base, len, T::static_size);
 }
 
 template
 inline bool check_array2 (const T *base,
 unsigned int a,
- unsigned int b,
- unsigned int record_size = T::static_size) const
+ unsigned int b) const
 {
- return !hb_unsigned_mul_overflows (a, b) &&
- this->check_array (base, a * b, record_size);
+ return this->check_range (base, a * b, T::static_size);
 }
 
 template
diff --git a/src/hb-open-type.hh b/src/hb-open-type.hh
index 14506180f..3f8e2c08a 100644
--- a/src/hb-open-type.hh
+++ b/src/hb-open-type.hh
@@ -887,7 +887,9 @@ struct VarSizedBinSearchArrayOf
 TRACE_SANITIZE (this);
 return_trace (header.sanitize (c) &&
 Type::static_size <= header.unitSize &&
- c->check_array (bytesZ.arrayZ, header.nUnits, header.unitSize));
+ c->check_range (bytesZ.arrayZ,
+ header.nUnits,
+ header.unitSize));
 }
 
 protected:
diff --git a/src/hb-ot-layout-common.hh b/src/hb-ot-layout-common.hh
index 7b1d39aa0..2ffb7c26d 100644
--- a/src/hb-ot-layout-common.hh
+++ b/src/hb-ot-layout-common.hh
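Review bot: In src/hb-machinery.hh the rewritten `check_array2` multiplies `a * b` with no overflow test, so the `hb_unsigned_mul_overflows (a, b)` guard that the removed body carried is lost. The 3-argument `check_range` it now calls only checks `(a * b) * T::static_size`, and by then a wrapped product already looks like a small element count. Since the sanitizer presumably runs over counts read from font data, a wrapped product could let an undersized array pass the bounds check. The 4-argument overload added just above already performs the two-step check, so the body could be `return this->check_range (base, a, b, T::static_size);`. A short comment on the new overloads stating that every argument after `base` is a factor of the byte length would also help, because they sit next to the existing `check_range (base, len)` and the names `a`, `b`, `c` do not say so.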
@@ -1566,8 +1566,9 @@ struct VarData
 return_trace (c->check_struct (this) &&
 regionIndices.sanitize(c) &&
 shortCount <= regionIndices.len &&
- c->check_array (&StructAfter (regionIndices),
- itemCount, get_row_size ()));
+ c->check_range (&StructAfter (regionIndices),
+ itemCount,
+ get_row_size ()));
 }
 
 protected:
diff --git a/src/hb-ot-layout-gpos-table.hh b/src/hb-ot-layout-gpos-table.hh
index cf735c301..fb6f6d0f6 100644
--- a/src/hb-ot-layout-gpos-table.hh
+++ b/src/hb-ot-layout-gpos-table.hh
@@ -207,7 +207,7 @@ struct ValueFormat : HBUINT16
 TRACE_SANITIZE (this);
 unsigned int len = get_len ();
 
- if (!c->check_array (values, count, get_size ())) return_trace (false);
+ if (!c->check_range (values, count, get_size ())) return_trace (false);
 
 if (!has_device ()) return_trace (true);
 
@@ -706,7 +706,10 @@ struct PairSet
 {
 TRACE_SANITIZE (this);
 if (!(c->check_struct (this)
- && c->check_array (&firstPairValueRecord, len, HBUINT16::static_size * closure->stride))) return_trace (false);
+ && c->check_range (&firstPairValueRecord,
+ len,
+ HBUINT16::static_size,
+ closure->stride))) return_trace (false);
 
 unsigned int count = len;
 const PairValueRecord *record = &firstPairValueRecord;
@@ -879,7 +882,9 @@ struct PairPosFormat2
 unsigned int stride = len1 + len2;
 unsigned int record_size = valueFormat1.get_size () + valueFormat2.get_size ();
 unsigned int count = (unsigned int) class1Count * (unsigned int) class2Count;
- return_trace (c->check_array ((const void *) values, count, record_size) &&
+ return_trace (c->check_range ((const void *) values,
+ count,
+ record_size) &&
 valueFormat1.sanitize_values_stride_unsafe (c, this, &values[0], count, stride) &&
 valueFormat2.sanitize_values_stride_unsafe (c, this, &values[len1], count, stride));
 }
diff --git a/src/hb-ot-var-hvar-table.hh b/src/hb-ot-var-hvar-table.hh
index 66e086e1d..62a6547b5 100644
--- a/src/hb-ot-var-hvar-table.hh
+++ b/src/hb-ot-var-hvar-table.hh
@@ -39,7 +39,9 @@ struct DeltaSetIndexMap
 {
 TRACE_SANITIZE (this);
 return_trace (c->check_struct (this) &&
- c->check_array (mapDataZ.arrayZ, mapCount, get_width ()));
+ c->check_range (mapDataZ.arrayZ,
+ mapCount,
+ get_width ()));
 }
 
 unsigned int map (unsigned int v) const /* Returns 16.16 outer.inner. */
diff --git a/src/hb-ot-var-mvar-table.hh b/src/hb-ot-var-mvar-table.hh
index 5d6b55954..b16a09b3d 100644
--- a/src/hb-ot-var-mvar-table.hh
+++ b/src/hb-ot-var-mvar-table.hh
@@ -68,7 +68,9 @@ struct MVAR
 c->check_struct (this) &&
 valueRecordSize >= VariationValueRecord::static_size &&
 varStore.sanitize (c, this) &&
- c->check_array (valuesZ.arrayZ, valueRecordCount, valueRecordSize));
+ c->check_range (valuesZ.arrayZ,
+ valueRecordCount,
+ valueRecordSize));
 }
 
 inline float get_var (hb_tag_t tag,