Sanitize (Headless)ArrayOf()::len to ensure it doesn't use offsets

aca378f5 · Behdad Esfahbod · 5f047113 · aca378f5
隐藏空白更改
内联并排

Showing with 2 addition and 2 deletion

src/hb-open-type-private.hh src/hb-open-type-private.hh +2 -2

未找到文件。
--- a/src/hb-open-type-private.hh
+++ b/src/hb-open-type-private.hh
@@ -946,7 +946,7 @@ struct ArrayOf
  inline bool sanitize_shallow (hb_sanitize_context_t *c) const
  {
    TRACE_SANITIZE (this);
-    return_trace (c->check_struct (this) && c->check_array (array, Type::static_size, len));
+    return_trace (len.sanitize (c) && c->check_array (array, Type::static_size, len));
  }

  public:
@@ -1033,7 +1033,7 @@ struct HeadlessArrayOf
  inline bool sanitize_shallow (hb_sanitize_context_t *c) const
  {
    TRACE_SANITIZE (this);
-    return_trace (c->check_struct (this) &&
+    return_trace (len.sanitize (c) &&
 		  (!len || c->check_array (array, Type::static_size, len - 1)));
  }