projects / platform / upstream / libHarfBuzzSharp.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 7a6686a)
Fix assertion on address overflow
authorBehdad Esfahbod <behdad@behdad.org>
Mon, 14 Jan 2019 20:27:34 +0000 (15:27 -0500)
committerBehdad Esfahbod <behdad@behdad.org>
Mon, 14 Jan 2019 20:27:34 +0000 (15:27 -0500)
Fixes https://bugs.chromium.org/p/chromium/issues/detail?id=917031

src/hb-machinery.hh patch | blob | history

diff --git a/src/hb-machinery.hh b/src/hb-machinery.hh
index fdb7b0a..07511e1 100644 (file)
--- a/src/hb-machinery.hh
+++ b/src/hb-machinery.hh
@@ -269,9 +269,10 @@ struct hb_sanitize_context_t :
 
     const char *obj_start = (const char *) obj;
     const char *obj_end = (const char *) obj + obj->get_size ();
-    assert (obj_start <= obj_end); /* Must not overflow. */
 
-    if (unlikely (obj_end < this->start || this->end < obj_start))
+    if (unlikely (obj_end < obj_start /* Overflow. */ ||
+                 obj_end < this->start ||
+                 this->end < obj_start))
       this->start = this->end = nullptr;
     else
     {
Domain: Dotnet / API;