projects / platform / upstream / libHarfBuzzSharp.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 5875d77)
[name] Sanitize records for reals
authorBehdad Esfahbod <behdad@behdad.org>
Wed, 8 May 2019 19:45:02 +0000 (12:45 -0700)
committerBehdad Esfahbod <behdad@behdad.org>
Wed, 8 May 2019 19:45:02 +0000 (12:45 -0700)
Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14641

src/hb-ot-name-table.hh patch | blob | history

diff --git a/src/hb-ot-name-table.hh b/src/hb-ot-name-table.hh
index 4e4da74..1c8f544 100644 (file)
--- a/src/hb-ot-name-table.hh
+++ b/src/hb-ot-name-table.hh
@@ -220,7 +220,6 @@ struct name
   {
     TRACE_SANITIZE (this);
     const void *string_pool = (this+stringOffset).arrayZ;
-    /* TODO: Move to run-time?! */
     return_trace (nameRecordZ.sanitize (c, count, string_pool));
   }
 
@@ -230,7 +229,8 @@ struct name
     return_trace (c->check_struct (this) &&
                  likely (format == 0 || format == 1) &&
                  c->check_array (nameRecordZ.arrayZ, count) &&
-                 c->check_range (this, stringOffset));
+                 c->check_range (this, stringOffset) &&
+                 sanitize_records (c));
   }
 
   struct accelerator_t
Domain: Dotnet / API;