From 5d80129891107c7f629c6950b5d257f2a867eee0 Mon Sep 17 00:00:00 2001
From: Behdad Esfahbod <behdad@behdad.org>
Date: Thu, 24 May 2018 11:33:15 -0700
Subject: [PATCH] Add CrapPool

Common Regoin for Access Protection.  Like the NullPool, but writable.
---
 src/dump-emoji.cc           |  1 +
 src/dump-fon.cc             |  1 +
 src/hb-open-type-private.hh | 11 +++++++++++
 src/hb-ot-layout.cc         |  1 +
 src/hb-private.hh           | 39 +++++++++++++++++++++++++++++++++----
 src/hb-subset.cc            |  1 +
 src/main.cc                 |  1 +
 7 files changed, 51 insertions(+), 4 deletions(-)

diff --git a/src/dump-emoji.cc b/src/dump-emoji.cc
index 63af4a6a..50a929be 100644
--- a/src/dump-emoji.cc
+++ b/src/dump-emoji.cc
@@ -48,6 +48,7 @@
 
 #ifndef HB_NO_VISIBILITY
 const void * const _hb_NullPool[HB_NULL_POOL_SIZE / sizeof (void *)] = {};
+void * _hb_CrapPool[HB_NULL_POOL_SIZE / sizeof (void *)] = {};
 #endif
 
 void cbdt_callback (const uint8_t* data, unsigned int length,
diff --git a/src/dump-fon.cc b/src/dump-fon.cc
index 81525f42..827de4a3 100644
--- a/src/dump-fon.cc
+++ b/src/dump-fon.cc
@@ -28,6 +28,7 @@
 
 #ifndef HB_NO_VISIBILITY
 const void * const _hb_NullPool[HB_NULL_POOL_SIZE / sizeof (void *)] = {};
+void * _hb_CrapPool[HB_NULL_POOL_SIZE / sizeof (void *)] = {};
 #endif
 
 template <typename Type, int Bytes> struct LEInt;
diff --git a/src/hb-open-type-private.hh b/src/hb-open-type-private.hh
index 1c771b09..6f639dca 100644
--- a/src/hb-open-type-private.hh
+++ b/src/hb-open-type-private.hh
@@ -932,6 +932,7 @@ struct ArrayOf
   }
   inline Type& operator [] (unsigned int i)
   {
+    if (unlikely (i >= len)) return Crap(Type);
     return arrayZ[i];
   }
   inline unsigned int get_size (void) const
@@ -1040,6 +1041,11 @@ struct OffsetListOf : OffsetArrayOf<Type>
     if (unlikely (i >= this->len)) return Null(Type);
     return this+this->arrayZ[i];
   }
+  inline const Type& operator [] (unsigned int i)
+  {
+    if (unlikely (i >= this->len)) return Crap(Type);
+    return this+this->arrayZ[i];
+  }
 
   inline bool sanitize (hb_sanitize_context_t *c) const
   {
@@ -1064,6 +1070,11 @@ struct HeadlessArrayOf
     if (unlikely (i >= len || !i)) return Null(Type);
     return arrayZ[i-1];
   }
+  inline Type& operator [] (unsigned int i)
+  {
+    if (unlikely (i >= len || !i)) return Crap(Type);
+    return arrayZ[i-1];
+  }
   inline unsigned int get_size (void) const
   { return len.static_size + (len ? len - 1 : 0) * Type::static_size; }
 
diff --git a/src/hb-ot-layout.cc b/src/hb-ot-layout.cc
index 368a8465..67049545 100644
--- a/src/hb-ot-layout.cc
+++ b/src/hb-ot-layout.cc
@@ -48,6 +48,7 @@
 
 #ifndef HB_NO_VISIBILITY
 const void * const _hb_NullPool[HB_NULL_POOL_SIZE / sizeof (void *)] = {};
+void * _hb_CrapPool[HB_NULL_POOL_SIZE / sizeof (void *)] = {};
 #endif
 
 
diff --git a/src/hb-private.hh b/src/hb-private.hh
index 4b9668e0..4318eb97 100644
--- a/src/hb-private.hh
+++ b/src/hb-private.hh
@@ -529,7 +529,7 @@ _hb_ceil_to_4 (unsigned int v)
  */
 
 /*
- * Null objects
+ * Static pools
  */
 
 /* Global nul-content Null pool.  Enlarge as necessary. */
@@ -547,7 +547,6 @@ const void * const _hb_NullPool[HB_NULL_POOL_SIZE / sizeof (void *)]
 = {}
 #endif
 ;
-
 /* Generic nul-content Null objects. */
 template <typename Type>
 static inline const Type& Null (void) {
@@ -569,6 +568,28 @@ namespace Namespace { \
 static_assert (Namespace::Type::min_size + 1 <= sizeof (_Null##Type), "Null pool too small.  Enlarge.")
 
 
+/* Global writable pool.  Enlarge as necessary. */
+
+#ifdef HB_NO_VISIBILITY
+static
+#else
+extern HB_INTERNAL
+#endif
+void * _hb_CrapPool[HB_NULL_POOL_SIZE / sizeof (void *)]
+#ifdef HB_NO_VISIBILITY
+= {}
+#endif
+;
+/* CRAP pool: Common Region for Access Protection. */
+template <typename Type>
+static inline Type& Crap (void) {
+  static_assert (sizeof (Type) <= HB_NULL_POOL_SIZE, "Increase HB_NULL_POOL_SIZE.");
+  Type *obj = reinterpret_cast<Type *> (_hb_CrapPool);
+  *obj = Null(Type);
+  return *obj;
+}
+#define Crap(Type) Crap<Type>()
+
 
 /* arrays and maps */
 
@@ -589,8 +610,18 @@ struct hb_vector_t
     arrayZ = static_array;
   }
 
-  inline Type& operator [] (unsigned int i) { return arrayZ[i]; }
-  inline const Type& operator [] (unsigned int i) const { return arrayZ[i]; }
+  inline Type& operator [] (unsigned int i)
+  {
+    if (unlikely (i >= len))
+      return Crap (Type);
+    return arrayZ[i];
+  }
+  inline const Type& operator [] (unsigned int i) const
+  {
+    if (unlikely (i >= len))
+      return Null (Type);
+    return arrayZ[i];
+  }
 
   inline Type *push (void)
   {
diff --git a/src/hb-subset.cc b/src/hb-subset.cc
index 98f95e02..ad273d04 100644
--- a/src/hb-subset.cc
+++ b/src/hb-subset.cc
@@ -46,6 +46,7 @@
 
 #if !defined(HB_NO_VISIBILITY) && !defined(HB_SUBSET_BUILTIN)
 const void * const _hb_NullPool[HB_NULL_POOL_SIZE / sizeof (void *)] = {};
+void * _hb_CrapPool[HB_NULL_POOL_SIZE / sizeof (void *)] = {};
 #endif
 
 
diff --git a/src/main.cc b/src/main.cc
index 9a187366..f32490e7 100644
--- a/src/main.cc
+++ b/src/main.cc
@@ -39,6 +39,7 @@ using namespace OT;
 
 #ifndef HB_NO_VISIBILITY
 const void * const _hb_NullPool[HB_NULL_POOL_SIZE / sizeof (void *)] = {};
+void * _hb_CrapPool[HB_NULL_POOL_SIZE / sizeof (void *)] = {};
 #endif
 
 int
-- 
GitLab