From 333173103bb618f721bd25d0c565a3c3c9ea224e Mon Sep 17 00:00:00 2001
From: Behdad Esfahbod <behdad@behdad.org>
Date: Mon, 8 Aug 2016 17:24:04 -0700
Subject: [PATCH] Fix sign of shift operators

This one:

  map->mask = (1 << (next_bit + bits_needed)) - (1 << next_bit);

before the fix, the shift was done as an int, causing overflow
if it ever got to 1 << 31.  Sprinkle 'u's around.

Fixes https://bugs.chromium.org/p/chromium/issues/detail?id=634805
---
 src/hb-buffer-private.hh | 6 +++---
 src/hb-cache-private.hh  | 8 ++++----
 src/hb-coretext.cc       | 2 +-
 src/hb-directwrite.cc    | 2 +-
 src/hb-face.cc           | 2 --
 src/hb-font.cc           | 2 --
 src/hb-ft.cc             | 6 ++++--
 src/hb-ot-map.cc         | 4 ++--
 src/hb-set-private.hh    | 4 ++--
 src/hb-uniscribe.cc      | 4 ++--
 10 files changed, 19 insertions(+), 21 deletions(-)

diff --git a/src/hb-buffer-private.hh b/src/hb-buffer-private.hh
index ed592f4..bca308d 100644
--- a/src/hb-buffer-private.hh
+++ b/src/hb-buffer-private.hh
@@ -134,7 +134,7 @@ struct hb_buffer_t {
 #ifndef HB_NDEBUG
     unsigned int end = start + count;
     assert (end <= 8);
-    unsigned int bits = (1<<end) - (1<<start);
+    unsigned int bits = (1u<<end) - (1u<<start);
     assert (0 == (allocated_var_bits & bits));
     allocated_var_bits |= bits;
 #endif
@@ -144,7 +144,7 @@ struct hb_buffer_t {
 #ifndef HB_NDEBUG
     unsigned int end = start + count;
     assert (end <= 8);
-    unsigned int bits = (1<<end) - (1<<start);
+    unsigned int bits = (1u<<end) - (1u<<start);
     assert (bits == (allocated_var_bits & bits));
     allocated_var_bits &= ~bits;
 #endif
@@ -154,7 +154,7 @@ struct hb_buffer_t {
 #ifndef HB_NDEBUG
     unsigned int end = start + count;
     assert (end <= 8);
-    unsigned int bits = (1<<end) - (1<<start);
+    unsigned int bits = (1u<<end) - (1u<<start);
     assert (bits == (allocated_var_bits & bits));
 #endif
   }
diff --git a/src/hb-cache-private.hh b/src/hb-cache-private.hh
index 19b70b7..24957e1 100644
--- a/src/hb-cache-private.hh
+++ b/src/hb-cache-private.hh
@@ -45,11 +45,11 @@ struct hb_cache_t
 
   inline bool get (unsigned int key, unsigned int *value)
   {
-    unsigned int k = key & ((1<<cache_bits)-1);
+    unsigned int k = key & ((1u<<cache_bits)-1);
     unsigned int v = values[k];
     if ((v >> value_bits) != (key >> cache_bits))
       return false;
-    *value = v & ((1<<value_bits)-1);
+    *value = v & ((1u<<value_bits)-1);
     return true;
   }
 
@@ -57,14 +57,14 @@ struct hb_cache_t
   {
     if (unlikely ((key >> key_bits) || (value >> value_bits)))
       return false; /* Overflows */
-    unsigned int k = key & ((1<<cache_bits)-1);
+    unsigned int k = key & ((1u<<cache_bits)-1);
     unsigned int v = ((key>>cache_bits)<<value_bits) | value;
     values[k] = v;
     return true;
   }
 
   private:
-  unsigned int values[1<<cache_bits];
+  unsigned int values[1u<<cache_bits];
 };
 
 typedef hb_cache_t<21, 16, 8> hb_cmap_cache_t;
diff --git a/src/hb-coretext.cc b/src/hb-coretext.cc
index c505373..3e56f15 100644
--- a/src/hb-coretext.cc
+++ b/src/hb-coretext.cc
@@ -725,7 +725,7 @@ _hb_coretext_shape (hb_shape_plan_t    *shape_plan,
       pchars[chars_len++] = 0xFFFDu;
     else {
       pchars[chars_len++] = 0xD800u + ((c - 0x10000u) >> 10);
-      pchars[chars_len++] = 0xDC00u + ((c - 0x10000u) & ((1 << 10) - 1));
+      pchars[chars_len++] = 0xDC00u + ((c - 0x10000u) & ((1u << 10) - 1));
     }
   }
 
diff --git a/src/hb-directwrite.cc b/src/hb-directwrite.cc
index 09889d0..6846a86 100644
--- a/src/hb-directwrite.cc
+++ b/src/hb-directwrite.cc
@@ -586,7 +586,7 @@ _hb_directwrite_shape(hb_shape_plan_t    *shape_plan,
       textString[chars_len++] = 0xFFFDu;
     else {
       textString[chars_len++] = 0xD800u + ((c - 0x10000u) >> 10);
-      textString[chars_len++] = 0xDC00u + ((c - 0x10000u) & ((1 << 10) - 1));
+      textString[chars_len++] = 0xDC00u + ((c - 0x10000u) & ((1u << 10) - 1));
     }
   }
 
diff --git a/src/hb-face.cc b/src/hb-face.cc
index 9effc41..6b563bc 100644
--- a/src/hb-face.cc
+++ b/src/hb-face.cc
@@ -35,8 +35,6 @@
 #include "hb-ot-head-table.hh"
 #include "hb-ot-maxp-table.hh"
 
-#include "hb-cache-private.hh"
-
 #include <string.h>
 
 
diff --git a/src/hb-font.cc b/src/hb-font.cc
index 60554b9..08fcd64 100644
--- a/src/hb-font.cc
+++ b/src/hb-font.cc
@@ -35,8 +35,6 @@
 #include "hb-ot-head-table.hh"
 #include "hb-ot-maxp-table.hh"
 
-#include "hb-cache-private.hh"
-
 #include <string.h>
 
 
diff --git a/src/hb-ft.cc b/src/hb-ft.cc
index eaa1311..2b06c59 100644
--- a/src/hb-ft.cc
+++ b/src/hb-ft.cc
@@ -33,6 +33,8 @@
 
 #include "hb-font-private.hh"
 
+#include "hb-cache-private.hh" // Maybe use in the future?
+
 #include FT_ADVANCES_H
 #include FT_TRUETYPE_TABLES_H
 
@@ -606,8 +608,8 @@ hb_ft_font_create (FT_Face           ft_face,
   hb_face_destroy (face);
   _hb_ft_font_set_funcs (font, ft_face, false);
   hb_font_set_scale (font,
-		     (int) (((uint64_t) ft_face->size->metrics.x_scale * (uint64_t) ft_face->units_per_EM + (1<<15)) >> 16),
-		     (int) (((uint64_t) ft_face->size->metrics.y_scale * (uint64_t) ft_face->units_per_EM + (1<<15)) >> 16));
+		     (int) (((uint64_t) ft_face->size->metrics.x_scale * (uint64_t) ft_face->units_per_EM + (1u<<15)) >> 16),
+		     (int) (((uint64_t) ft_face->size->metrics.y_scale * (uint64_t) ft_face->units_per_EM + (1u<<15)) >> 16));
 #if 0 /* hb-ft works in no-hinting model */
   hb_font_set_ppem (font,
 		    ft_face->size->metrics.x_ppem,
diff --git a/src/hb-ot-map.cc b/src/hb-ot-map.cc
index 7822cef..35550af 100644
--- a/src/hb-ot-map.cc
+++ b/src/hb-ot-map.cc
@@ -243,11 +243,11 @@ hb_ot_map_builder_t::compile (hb_ot_map_t &m)
       map->mask = 1;
     } else {
       map->shift = next_bit;
-      map->mask = (1 << (next_bit + bits_needed)) - (1 << next_bit);
+      map->mask = (1u << (next_bit + bits_needed)) - (1u << next_bit);
       next_bit += bits_needed;
       m.global_mask |= (info->default_value << map->shift) & map->mask;
     }
-    map->_1_mask = (1 << map->shift) & map->mask;
+    map->_1_mask = (1u << map->shift) & map->mask;
     map->needs_fallback = !found;
 
   }
diff --git a/src/hb-set-private.hh b/src/hb-set-private.hh
index 3c302b1..e2010d7 100644
--- a/src/hb-set-private.hh
+++ b/src/hb-set-private.hh
@@ -313,7 +313,7 @@ struct hb_set_t
     for (unsigned int i = 0; i < ELTS; i++)
       if (elts[i])
 	for (unsigned int j = 0; j < BITS; j++)
-	  if (elts[i] & (1 << j))
+	  if (elts[i] & (1u << j))
 	    return i * BITS + j;
     return INVALID;
   }
@@ -322,7 +322,7 @@ struct hb_set_t
     for (unsigned int i = ELTS; i; i--)
       if (elts[i - 1])
 	for (unsigned int j = BITS; j; j--)
-	  if (elts[i - 1] & (1 << (j - 1)))
+	  if (elts[i - 1] & (1u << (j - 1)))
 	    return (i - 1) * BITS + (j - 1);
     return INVALID;
   }
diff --git a/src/hb-uniscribe.cc b/src/hb-uniscribe.cc
index 7fda678..07007a6 100644
--- a/src/hb-uniscribe.cc
+++ b/src/hb-uniscribe.cc
@@ -771,7 +771,7 @@ retry:
       pchars[chars_len++] = 0xFFFDu;
     else {
       pchars[chars_len++] = 0xD800u + ((c - 0x10000u) >> 10);
-      pchars[chars_len++] = 0xDC00u + ((c - 0x10000u) & ((1 << 10) - 1));
+      pchars[chars_len++] = 0xDC00u + ((c - 0x10000u) & ((1u << 10) - 1));
     }
   }
 
@@ -827,7 +827,7 @@ retry:
 
   /* MinGW32 doesn't define fMergeNeutralItems, so we bruteforce */
   //bidi_control.fMergeNeutralItems = true;
-  *(uint32_t*)&bidi_control |= 1<<24;
+  *(uint32_t*)&bidi_control |= 1u<<24;
 
   bidi_state.uBidiLevel = HB_DIRECTION_IS_FORWARD (buffer->props.direction) ? 0 : 1;
   bidi_state.fOverrideDirection = 1;
-- 
2.7.4