[HB] Add note about auditing sanitize code for overflows

5769538a · Behdad Esfahbod · 15232e26 · 5769538a · 5769538a
隐藏空白更改
内联并排

Showing with 2 addition and 1 deletion

src/TODO src/TODO +1 -0

src/hb-ot-layout-gpos-private.hh src/hb-ot-layout-gpos-private.hh +1 -1

未找到文件。
--- a/src/TODO
+++ b/src/TODO
@@ -3,3 +3,4 @@
 - cmap14 support in get_glyph callback
 - size_t?
 - Figure out compiler selection (add test for link to libstdc++)
+- Audit sanitize for int overflows
--- a/src/hb-ot-layout-gpos-private.hh
+++ b/src/hb-ot-layout-gpos-private.hh
@@ -565,7 +565,7 @@ struct PairPosFormat2
 	   SANITIZE_THIS2 (classDef1, classDef2) &&
 	   SANITIZE_MEM (values,
 			 (valueFormat1.get_size () + valueFormat2.get_size ()) *
-			 class1Count * class2Count);
+			 class1Count * class2Count); /* XXX overflow (in other places too) */
  }

  private: