Google Git
Sign in
flutter/third_party/harfbuzz/07851aae9d28fed751663c543799f2b59369f892^!/./src/hb-ot-hdmx-table.hh
commit
07851aae9d28fed751663c543799f2b59369f892
[log]
author
Garret Rieger <grieger@google.com>
Mon Mar 26 20:56:56 2018 -0600
committer
Behdad Esfahbod <behdad@behdad.org>
Mon Mar 26 19:56:56 2018 -0700
tree
29bfe55311391da2644d193229c81b13e878c4a4
parent
6f46883f5b74b206a3b77246891ab2ac57a27c4e [diff] [blame]
[subset] Couple of fixes for fuzzer discovered issues. (#924)

* [subset] sanitize individual DeviceRecord's as part of hdmx sanitization.

* [subset] Fix out of bounds read with non-two byte align glyphs.

* [subset] Just use size_device_record >= DeviceRecord::min_size.

* [subset] Add TODO.

* [subset] Re-order checks in hdmx sanitize.

diff --git a/src/hb-ot-hdmx-table.hh b/src/hb-ot-hdmx-table.hh
index 6ad57af..c0b22b2 100644
--- a/src/hb-ot-hdmx-table.hh
+++ b/src/hb-ot-hdmx-table.hh

@@ -198,6 +198,7 @@
     TRACE_SANITIZE (this);
     return_trace (c->check_struct (this) && version == 0 &&
 		  !_hb_unsigned_int_mul_overflows (num_records, size_device_record) &&
+		  size_device_record >= DeviceRecord::min_size &&
 		  c->check_range (this, get_size()));
   }