Add _hb_unsigned_int_mul_overflows

080a0eb7 · Behdad Esfahbod · 1d39d6e4 · 080a0eb7 · 080a0eb7 · 080a0eb7
4 changed file
--- a/src/hb-buffer.cc
+++ b/src/hb-buffer.cc
@@ -77,19 +77,16 @@ _hb_buffer_enlarge (hb_buffer_t *buffer, unsigned int size)
  unsigned int new_allocated = buffer->allocated;
  hb_glyph_position_t *new_pos = NULL;
  hb_glyph_info_t *new_info = NULL;
-  bool overflows = FALSE;
  bool separate_out = buffer->out_info != buffer->info;
-  overflows = size >= ((unsigned int) -1) / sizeof (buffer->info[0]);
+  if (unlikely (_hb_unsigned_int_mul_overflows (size, sizeof (buffer->info[0]))))
-  if (unlikely (overflows))
    goto done;
  while (size > new_allocated)
    new_allocated += (new_allocated >> 1) + 32;
  ASSERT_STATIC (sizeof (buffer->info[0]) == sizeof (buffer->pos[0]));
-  overflows = new_allocated >= ((unsigned int) -1) / sizeof (buffer->info[0]);
+  if (unlikely (_hb_unsigned_int_mul_overflows (new_allocated, sizeof (buffer->info[0]))))
-  if (unlikely (overflows))
    goto done;
  new_pos = (hb_glyph_position_t *) realloc (buffer->pos, new_allocated * sizeof (buffer->pos[0]));

--- a/src/hb-open-type-private.hh
+++ b/src/hb-open-type-private.hh
@@ -231,7 +231,7 @@ struct hb_sanitize_context_t
  inline bool check_array (const void *base, unsigned int record_size, unsigned int len) const
  {
    const char *p = (const char *) base;
-    bool overflows = record_size > 0 && len >= ((unsigned int) -1) / record_size;
+    bool overflows = _hb_unsigned_int_mul_overflows (len, record_size);
    (void) (HB_DEBUG_SANITIZE && (int) this->debug_depth < (int) HB_DEBUG_SANITIZE &&
      fprintf (stderr, "SANITIZE(%p) %-*d-> array [%p..%p] (%d*%d=%ld bytes) in [%p..%p] -> %s\n",

--- a/src/hb-ot-layout-gsub-private.hh
+++ b/src/hb-ot-layout-gsub-private.hh
@@ -409,7 +409,7 @@ struct Ligature
  inline uint16_t allocate_lig_id (hb_buffer_t *buffer) const {
    uint16_t lig_id = buffer->next_serial ();
-    if (unlikely (!lig_id)) lig_id = buffer->next_serial (); /* in case of overflows */
+    if (unlikely (!lig_id)) lig_id = buffer->next_serial (); /* in case of overflow */
    return lig_id;
  }

--- a/src/hb-private.hh
+++ b/src/hb-private.hh
@@ -210,6 +210,13 @@ _hb_ctz (unsigned int number)
 #endif
 }
+static inline bool
+_hb_unsigned_int_mul_overflows (unsigned int count, unsigned int size)
+{
+  return (size > 0) && (count >= ((unsigned int) -1) / size);
+}
 /* Type of bsearch() / qsort() compare function */
 typedef int (*hb_compare_func_t) (const void *, const void *);
@@ -297,7 +304,7 @@ struct hb_static_array_t {
 	array = new_array;
      }
    } else {
-      bool overflows = (new_allocated < allocated) || (new_allocated >= ((unsigned int) -1) / sizeof (Type));
+      bool overflows = (new_allocated < allocated) || _hb_unsigned_int_mul_overflows (new_allocated, sizeof (Type));
      if (unlikely (overflows))
        new_array = NULL;
      else