Check for (impossible) overflow

9ac7dc73 · Behdad Esfahbod · 9fc8684f · 9ac7dc73
隐藏空白更改
内联并排

Showing with 1 addition and 0 deletion

src/hb-ot-layout-gpos-private.hh src/hb-ot-layout-gpos-private.hh +1 -0

未找到文件。
--- a/src/hb-ot-layout-gpos-private.hh
+++ b/src/hb-ot-layout-gpos-private.hh
@@ -322,6 +322,7 @@ struct AnchorMatrix
  inline bool sanitize (SANITIZE_ARG_DEF, unsigned int cols) {
    TRACE_SANITIZE ();
    if (!SANITIZE_SELF ()) return false;
+    if (HB_UNLIKELY (cols >= ((unsigned int) -1) / rows)) return false;
    unsigned int count = rows * cols;
    if (!SANITIZE_ARRAY (matrix, matrix[0].get_size (), count)) return false;
    for (unsigned int i = 0; i < count; i++)