[HB] Add note about auditing sanitize code for overflows
authorBehdad Esfahbod <behdad@behdad.org>
Fri, 14 Aug 2009 20:12:22 +0000 (16:12 -0400)
committerBehdad Esfahbod <behdad@behdad.org>
Mon, 2 Nov 2009 19:40:43 +0000 (14:40 -0500)
src/TODO
src/hb-ot-layout-gpos-private.hh

index d2b067d55e4b991edcc5d4633e8a57ec84f7023f..54560aa872efb245cea08cc500051dae4248fe2a 100644 (file)
--- a/src/TODO
+++ b/src/TODO
@@ -3,3 +3,4 @@
 - cmap14 support in get_glyph callback
 - size_t?
 - Figure out compiler selection (add test for link to libstdc++)
+- Audit sanitize for int overflows
index e357b01c8be95a810c7af691b4868872a03cc1dc..6b20716d0f1a41e10084998cde8f13a11def7bff 100644 (file)
@@ -565,7 +565,7 @@ struct PairPosFormat2
           SANITIZE_THIS2 (classDef1, classDef2) &&
           SANITIZE_MEM (values,
                         (valueFormat1.get_size () + valueFormat2.get_size ()) *
-                        class1Count * class2Count);
+                        class1Count * class2Count); /* XXX overflow (in other places too) */
   }
 
   private:
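Review bot: The new `/* XXX overflow (in other places too) */` comment records the problem but leaves the product passed to SANITIZE_MEM unchecked, so a font carrying large class1Count/class2Count values together with wide value formats can still wrap the computed size and have sanitize accept a range far smaller than the data it later indexes. Because this method exists to bound untrusted font data, the multiplication should be guarded before the call rather than annotated after it, e.g. `unsigned int stride = valueFormat1.get_size () + valueFormat2.get_size ();` followed by `if (class2Count && class1Count > UINT_MAX / class2Count) return false;` and the same test of the resulting count against `UINT_MAX / stride` before forming the product; the exact types of class1Count and class2Count are not visible in the hunk, so the widths used in the guard need confirming. The comment's "in other places too" would be more useful if it named the other sites, or if the TODO entry added in this commit listed them, so the audit does not get lost. The enclosing sanitize method starts before this hunk.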