[HB] Correctly sanitize LigatureAttach

3564ee52 · Behdad Esfahbod · cb71a2fb · 3564ee52 · 3564ee52 · 3564ee52
4 changed file
--- a/src/hb-open-type-private.hh
+++ b/src/hb-open-type-private.hh
@@ -515,12 +515,15 @@ struct GenericArrayOf
  inline bool sanitize (SANITIZE_ARG_DEF) {
    SANITIZE_DEBUG ();
    if (!SANITIZE_GET_SIZE()) return false;
-    /* Note; for non-recursive types, this is not much needed
+    /* Note:
+     * for non-recursive types, this is not much needed.
+     * But we keep the code to make sure the objects pointed to
+     * do have a simple sanitize(). */
+    return true;
    unsigned int count = len;
    for (unsigned int i = 0; i < count; i++)
      if (!SANITIZE (array[i]))
        return false;
-    */
    return true;
  }
  inline bool sanitize (SANITIZE_ARG_DEF, const void *base) {
@@ -591,12 +594,15 @@ struct HeadlessArrayOf
  inline bool sanitize (SANITIZE_ARG_DEF) {
    SANITIZE_DEBUG ();
    if (!SANITIZE_GET_SIZE()) return false;
-    /* Note; for non-recursive types, this is not much needed
+    /* Note:
+     * for non-recursive types, this is not much needed.
+     * But we keep the code to make sure the objects pointed to
+     * do have a simple sanitize(). */
+    return true;
    unsigned int count = len ? len - 1 : 0;
    for (unsigned int i = 0; i < count; i++)
      if (!SANITIZE (array[i]))
        return false;
-    */
    return true;
  }

--- a/src/hb-ot-layout-common-private.hh
+++ b/src/hb-ot-layout-common-private.hh
@@ -309,6 +309,10 @@ struct OffsetListOf : OffsetArrayOf<Type>
    SANITIZE_DEBUG ();
    return OffsetArrayOf<Type>::sanitize (SANITIZE_ARG, CONST_CHARP(this));
  }
+  inline bool sanitize (SANITIZE_ARG_DEF, unsigned int user_data) {
+    SANITIZE_DEBUG ();
+    return OffsetArrayOf<Type>::sanitize (SANITIZE_ARG, CONST_CHARP(this), user_data);
+  }
 };
 typedef OffsetListOf<Lookup> LookupList;

--- a/src/hb-ot-layout-gdef-private.hh
+++ b/src/hb-ot-layout-gdef-private.hh
@@ -201,12 +201,12 @@ struct LigGlyph
  inline bool sanitize (SANITIZE_ARG_DEF) {
    SANITIZE_DEBUG ();
-    return SANITIZE (carets);
+    return SANITIZE_THIS (carets);
  }
  private:
  OffsetArrayOf<CaretValue>
-		carets;			/* Offset rrray of CaretValue tables
+		carets;			/* Offset array of CaretValue tables
 					 * --from beginning of LigGlyph table
 					 * --in increasing coordinate order */
 };

--- a/src/hb-ot-layout-gpos-private.hh
+++ b/src/hb-ot-layout-gpos-private.hh
@@ -1024,7 +1024,7 @@ typedef AnchorMatrix LigatureAttach;	/* component-major--
 					 * ordered by class--zero-based. */
 ASSERT_SIZE (LigatureAttach, 2);
-typedef OffsetArrayOf<LigatureAttach> LigatureArray;
+typedef OffsetListOf<LigatureAttach> LigatureArray;
 					/* Array of LigatureAttach
 					 * tables ordered by
 					 * LigatureCoverage Index */
@@ -1063,7 +1063,7 @@ struct MarkLigPosFormat1
    const MarkArray& mark_array = this+markArray;
    const LigatureArray& lig_array = this+ligatureArray;
-    const LigatureAttach& lig_attach = &lig_array+lig_array[lig_index];
+    const LigatureAttach& lig_attach = lig_array[lig_index];
    /* Find component to attach to */
    count = lig_attach.rows;
@@ -1108,7 +1108,7 @@ struct MarkLigPosFormat1
    SANITIZE_DEBUG ();
    return SANITIZE_SELF () &&
 	   SANITIZE_THIS2 (markCoverage, ligatureCoverage) &&
-	   SANITIZE_THIS2 (markArray, ligatureArray);
+	   SANITIZE_THIS (markArray) && ligatureArray.sanitize (SANITIZE_ARG, CONST_CHARP(this), classCount);
  }
  private: