From 7cff75babd64cd49dd2b3faaa15193d12c098f42 Mon Sep 17 00:00:00 2001 From: Behdad Esfahbod Date: Mon, 18 May 2009 04:09:05 -0400 Subject: [PATCH] [HB] Fix context_length checking --- src/hb-ot-layout-gsubgpos-private.h | 23 +++++++++++++---------- src/hb-ot-layout-open-private.h | 2 +- 2 files changed, 14 insertions(+), 11 deletions(-) diff --git a/src/hb-ot-layout-gsubgpos-private.h b/src/hb-ot-layout-gsubgpos-private.h index df9dd9b..8d3cde7 100644 --- a/src/hb-ot-layout-gsubgpos-private.h +++ b/src/hb-ot-layout-gsubgpos-private.h @@ -79,13 +79,13 @@ static inline bool match_input (LOOKUP_ARGS_DEF, unsigned int *context_length_out) { unsigned int i, j; - - /* XXX context_length should also be checked when skipping glyphs, right? - * What does context_length really mean, anyway? */ + unsigned int end = MIN (buffer->in_length, buffer->in_pos + context_length); + if (HB_UNLIKELY (buffer->in_pos + count > end)) + return false; for (i = 1, j = buffer->in_pos + 1; i < count; i++, j++) { while (!_hb_ot_layout_check_glyph_property (layout, IN_ITEM (j), lookup_flag, &property)) { - if (HB_UNLIKELY (j + count - i == buffer->in_length)) + if (HB_UNLIKELY (j + count - i == end)) return false; j++; } @@ -105,9 +105,10 @@ static inline bool match_backtrack (LOOKUP_ARGS_DEF, match_func_t match_func, char *match_data) { - unsigned int i, j; + if (HB_UNLIKELY (buffer->out_pos < count)) + return false; - for (i = 0, j = buffer->out_pos - 1; i < count; i++, j--) { + for (unsigned int i = 0, j = buffer->out_pos - 1; i < count; i++, j--) { while (!_hb_ot_layout_check_glyph_property (layout, OUT_ITEM (j), lookup_flag, &property)) { if (HB_UNLIKELY (j + 1 == count - i)) return false; @@ -129,10 +130,13 @@ static inline bool match_lookahead (LOOKUP_ARGS_DEF, unsigned int offset) { unsigned int i, j; + unsigned int end = MIN (buffer->in_length, buffer->in_pos + context_length); + if (HB_UNLIKELY (buffer->in_pos + offset + count > end)) + return false; for (i = 0, j = buffer->in_pos + offset; i < count; i++, j++) { while (!_hb_ot_layout_check_glyph_property (layout, OUT_ITEM (j), lookup_flag, &property)) { - if (HB_UNLIKELY (j + count - i == buffer->in_length)) + if (HB_UNLIKELY (j + count - i == end)) return false; j++; } @@ -164,8 +168,8 @@ static inline bool apply_lookup (LOOKUP_ARGS_DEF, const LookupRecord *record = lookupRecord; /* XXX We have to jump non-matching glyphs when applying too, right? */ - /* XXX We don't support lookupRecord arrays that are not increasing: - * Should be easy for in_place ones at least. */ + /* TODO We don't support lookupRecord arrays that are not increasing: + * Should be easy for in_place ones at least. */ for (unsigned int i = 0; i < count;) { if (record_count && i == record->sequenceIndex) @@ -436,7 +440,6 @@ static inline bool chain_context_lookup (LOOKUP_ARGS_DEF, inputCount, input, context.funcs.match, context.match_data[1], &offset) && - (context_length -= offset, true) && match_lookahead (LOOKUP_ARGS, lookaheadCount, lookahead, context.funcs.match, context.match_data[2], diff --git a/src/hb-ot-layout-open-private.h b/src/hb-ot-layout-open-private.h index 1d025cf..31d083a 100644 --- a/src/hb-ot-layout-open-private.h +++ b/src/hb-ot-layout-open-private.h @@ -35,7 +35,7 @@ #define NO_INDEX ((unsigned int) 0xFFFF) -#define NO_CONTEXT ((unsigned int) -1) +#define NO_CONTEXT ((unsigned int) -0x20000) #define NOT_COVERED ((unsigned int) -1) #define MAX_NESTING_LEVEL 32 -- 2.7.4