提交 9ac7dc73 编写于 作者: B Behdad Esfahbod

Check for (impossible) overflow

上级 9fc8684f
......@@ -322,6 +322,7 @@ struct AnchorMatrix
inline bool sanitize (SANITIZE_ARG_DEF, unsigned int cols) {
TRACE_SANITIZE ();
if (!SANITIZE_SELF ()) return false;
if (HB_UNLIKELY (cols >= ((unsigned int) -1) / rows)) return false;
unsigned int count = rows * cols;
if (!SANITIZE_ARRAY (matrix, matrix[0].get_size (), count)) return false;
for (unsigned int i = 0; i < count; i++)
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册