[pango/harfbuzz-ng: 37/57] [HB] More sanitize()
- From: Behdad Esfahbod <behdad src gnome org>
- To: svn-commits-list gnome org
- Cc:
- Subject: [pango/harfbuzz-ng: 37/57] [HB] More sanitize()
- Date: Tue, 4 Aug 2009 20:04:28 +0000 (UTC)
commit f786c9d501099f3c989fb6e34469381f4be8681f
Author: Behdad Esfahbod <behdad behdad org>
Date: Tue Aug 4 02:09:34 2009 -0400
[HB] More sanitize()
pango/opentype/hb-open-file-private.hh | 2 +-
pango/opentype/hb-open-types-private.hh | 12 +++--
pango/opentype/hb-ot-layout-common-private.hh | 64 ++++++++++++++++++++---
pango/opentype/hb-ot-layout-gdef-private.hh | 2 +-
pango/opentype/hb-ot-layout-gsubgpos-private.hh | 15 +++++-
5 files changed, 79 insertions(+), 16 deletions(-)
---
diff --git a/pango/opentype/hb-open-file-private.hh b/pango/opentype/hb-open-file-private.hh
index c06bb88..50b9bc2 100644
--- a/pango/opentype/hb-open-file-private.hh
+++ b/pango/opentype/hb-open-file-private.hh
@@ -85,7 +85,7 @@ struct TTCHeader
{
friend struct OpenTypeFontFile;
- STATIC_DEFINE_GET_FOR_DATA_CHECK_MAJOR_VERSION (TTCHeader, 2);
+ STATIC_DEFINE_GET_FOR_DATA_CHECK_MAJOR_VERSION (TTCHeader, 1, 2);
private:
Tag ttcTag; /* TrueType Collection ID string: 'ttcf' */
diff --git a/pango/opentype/hb-open-types-private.hh b/pango/opentype/hb-open-types-private.hh
index a8549e2..3d57122 100644
--- a/pango/opentype/hb-open-types-private.hh
+++ b/pango/opentype/hb-open-types-private.hh
@@ -60,6 +60,7 @@ struct _hb_sanitize_context_t
#define SANITIZE_THIS(X) HB_LIKELY ((X).sanitize (SANITIZE_ARG, (const char *) this))
#define SANITIZE_THIS2(X,Y) SANITIZE_THIS (X) && SANITIZE_THIS (Y)
+#define SANITIZE_THIS3(X,Y,Z) SANITIZE_THIS (X) && SANITIZE_THIS (Y) && SANITIZE_THIS(Z)
#define SANITIZE_SELF() SANITIZE_OBJ (*this)
#define SANITIZE_OBJ(X) SANITIZE_MEM(&(X), sizeof (X))
@@ -205,12 +206,12 @@ struct Null <Type> \
return *(const Type*)data; \
}
/* Like get_for_data(), but checks major version first. */
-#define STATIC_DEFINE_GET_FOR_DATA_CHECK_MAJOR_VERSION(Type, Major) \
+#define STATIC_DEFINE_GET_FOR_DATA_CHECK_MAJOR_VERSION(Type, MajorMin, MajorMax) \
static inline const Type& get_for_data (const char *data) \
{ \
if (HB_UNLIKELY (data == NULL)) return Null(Type); \
const Type& t = *(const Type*)data; \
- if (HB_UNLIKELY (!t.version.major || t.version.major > Major)) return Null(Type); \
+ if (HB_UNLIKELY (t.version.major < MajorMin || t.version.major > MajorMax)) return Null(Type); \
return t; \
}
@@ -348,6 +349,10 @@ struct FixedVersion
{
inline operator uint32_t (void) const { return (major << 16) + minor; }
+ inline bool sanitize (SANITIZE_ARG_DEF) {
+ return SANITIZE_SELF ();
+ }
+
USHORT major;
USHORT minor;
};
@@ -371,12 +376,11 @@ struct ArrayOf
inline bool sanitize (SANITIZE_ARG_DEF) {
if (!(SANITIZE (len) && SANITIZE_GET_SIZE())) return false;
- /* For non-offset types, this shouldn't be needed
+ /* XXX For non-recursive types, this is too much overhead */
unsigned int count = len;
for (unsigned int i = 0; i < count; i++)
if (!SANITIZE (array[i]))
return false;
- */
}
USHORT len;
diff --git a/pango/opentype/hb-ot-layout-common-private.hh b/pango/opentype/hb-ot-layout-common-private.hh
index 3eb0a55..439d7e8 100644
--- a/pango/opentype/hb-ot-layout-common-private.hh
+++ b/pango/opentype/hb-ot-layout-common-private.hh
@@ -46,6 +46,12 @@
template <typename Type>
struct Record
{
+ inline bool sanitize (SANITIZE_ARG_DEF, const char *base) {
+ /* Note: Doesn't sanitize referenced object */
+ /* Only accept ASCII-visible tags (mind DEL) */
+ return (tag & 0x80808080) == 0 && offset.sanitize (SANITIZE_ARG, base);
+ }
+
Tag tag; /* 4-byte Tag identifier */
OffsetTo<Type>
offset; /* Offset from beginning of object holding
@@ -53,7 +59,19 @@ struct Record
};
template <typename Type>
-struct RecordListOf : ArrayOf<Record<Type> >
+struct RecordArrayOf : ArrayOf<Record<Type> >
+{
+ inline bool sanitize (SANITIZE_ARG_DEF, const char *base) {
+ if (!(SANITIZE (this->len) && SANITIZE_GET_SIZE())) return false;
+ unsigned int count = this->len;
+ for (unsigned int i = 0; i < count; i++)
+ if (!SANITIZE_THIS (this->array[i]))
+ return false;
+ }
+};
+
+template <typename Type>
+struct RecordListOf : RecordArrayOf<Type>
{
inline const Type& operator [] (unsigned int i) const
{
@@ -65,18 +83,16 @@ struct RecordListOf : ArrayOf<Record<Type> >
if (HB_UNLIKELY (i >= this->len)) return Null(Tag);
return this->array[i].tag;
}
+
+ inline bool sanitize (SANITIZE_ARG_DEF) {
+ return RecordArrayOf<Type>::sanitize (SANITIZE_ARG, (const char *) this);
+ }
};
struct Script;
-typedef Record<Script> ScriptRecord;
-ASSERT_SIZE (ScriptRecord, 6);
struct LangSys;
-typedef Record<LangSys> LangSysRecord;
-ASSERT_SIZE (LangSysRecord, 6);
struct Feature;
-typedef Record<Feature> FeatureRecord;
-ASSERT_SIZE (FeatureRecord, 6);
struct LangSys
@@ -92,6 +108,10 @@ struct LangSys
return reqFeatureIndex;;
}
+ inline bool sanitize (SANITIZE_ARG_DEF) {
+ return SANITIZE_SELF () && SANITIZE (featureIndex);
+ }
+
Offset lookupOrder; /* = Null (reserved for an offset to a
* reordering table) */
USHORT reqFeatureIndex;/* Index of a feature required for this
@@ -119,11 +139,15 @@ struct Script
inline bool has_default_lang_sys (void) const { return defaultLangSys != 0; }
inline const LangSys& get_default_lang_sys (void) const { return this+defaultLangSys; }
+ inline bool sanitize (SANITIZE_ARG_DEF) {
+ return SANITIZE_THIS (defaultLangSys) && SANITIZE_THIS (langSys);
+ }
+
private:
OffsetTo<LangSys>
defaultLangSys; /* Offset to DefaultLangSys table--from
* beginning of Script table--may be Null */
- ArrayOf<LangSysRecord>
+ RecordArrayOf<LangSys>
langSys; /* Array of LangSysRecords--listed
* alphabetically by LangSysTag */
};
@@ -138,6 +162,10 @@ struct Feature
inline const unsigned int get_lookup_index (unsigned int i) const { return lookupIndex[i]; }
inline unsigned int get_lookup_count (void) const { return lookupIndex.len; }
+ inline bool sanitize (SANITIZE_ARG_DEF) {
+ return SANITIZE_SELF () && SANITIZE (lookupIndex);
+ }
+
/* TODO: implement get_feature_parameters() */
/* TODO: implement FeatureSize and other special features? */
Offset featureParams; /* Offset to Feature Parameters table (if one
@@ -169,6 +197,10 @@ ASSERT_SIZE (LookupFlag, 2);
struct LookupSubTable
{
+ inline bool sanitize (SANITIZE_ARG_DEF) {
+ return SANITIZE_SELF ();
+ }
+
private:
USHORT format; /* Subtable format. Different for GSUB and GPOS */
};
@@ -192,6 +224,16 @@ struct Lookup
return flag;
}
+ inline bool sanitize (SANITIZE_ARG_DEF) {
+ if (!(SANITIZE_SELF () && SANITIZE_THIS (subTable))) return false;
+ if (HB_UNLIKELY (lookupFlag & LookupFlag::UseMarkFilteringSet))
+ {
+ USHORT &markFilteringSet = *(USHORT*) ((char *) &subTable + subTable.get_size ());
+ if (!SANITIZE (markFilteringSet)) return false;
+ }
+ return true;
+ }
+
USHORT lookupType; /* Different enumerations for GSUB and GPOS */
USHORT lookupFlag; /* Lookup qualifiers */
OffsetArrayOf<LookupSubTable>
@@ -210,6 +252,10 @@ struct OffsetListOf : OffsetArrayOf<Type>
if (HB_UNLIKELY (i >= this->len)) return Null(Type);
return this+this->array[i];
}
+
+ inline bool sanitize (SANITIZE_ARG_DEF) {
+ return OffsetArrayOf<Type>::sanitize (SANITIZE_ARG, (const char *) this);
+ }
};
typedef OffsetListOf<Lookup> LookupList;
@@ -262,6 +308,7 @@ struct CoverageRangeRecord
return NOT_COVERED;
}
+ public:
inline bool sanitize (SANITIZE_ARG_DEF) {
return SANITIZE_SELF ();
}
@@ -376,6 +423,7 @@ struct ClassRangeRecord
return 0;
}
+ public:
inline bool sanitize (SANITIZE_ARG_DEF) {
return SANITIZE_SELF ();
}
diff --git a/pango/opentype/hb-ot-layout-gdef-private.hh b/pango/opentype/hb-ot-layout-gdef-private.hh
index 560a07e..1d1a88e 100644
--- a/pango/opentype/hb-ot-layout-gdef-private.hh
+++ b/pango/opentype/hb-ot-layout-gdef-private.hh
@@ -264,7 +264,7 @@ struct GDEF
ComponentGlyph = 4,
};
- STATIC_DEFINE_GET_FOR_DATA_CHECK_MAJOR_VERSION (GDEF, 1);
+ STATIC_DEFINE_GET_FOR_DATA_CHECK_MAJOR_VERSION (GDEF, 1, 1);
inline bool has_glyph_classes () const { return glyphClassDef != 0; }
inline hb_ot_layout_class_t get_glyph_class (hb_codepoint_t glyph) const
diff --git a/pango/opentype/hb-ot-layout-gsubgpos-private.hh b/pango/opentype/hb-ot-layout-gsubgpos-private.hh
index a14166c..792a7d7 100644
--- a/pango/opentype/hb-ot-layout-gsubgpos-private.hh
+++ b/pango/opentype/hb-ot-layout-gsubgpos-private.hh
@@ -161,6 +161,11 @@ static inline bool match_lookahead (APPLY_ARG_DEF,
struct LookupRecord
{
+ public:
+ inline bool sanitize (SANITIZE_ARG_DEF) {
+ return SANITIZE_SELF ();
+ }
+
USHORT sequenceIndex; /* Index into current glyph
* sequence--first glyph = 0 */
USHORT lookupListIndex; /* Lookup to apply to that
@@ -365,7 +370,7 @@ struct ContextFormat2
}
inline bool sanitize (SANITIZE_ARG_DEF) {
- return SANITIZE_THIS2 (coverage, classDef) && SANITIZE_THIS (ruleSet);
+ return SANITIZE_THIS3 (coverage, classDef, ruleSet);
}
private:
@@ -851,7 +856,7 @@ struct GSUBGPOS
static const hb_tag_t GSUBTag = HB_TAG ('G','S','U','B');
static const hb_tag_t GPOSTag = HB_TAG ('G','P','O','S');
- STATIC_DEFINE_GET_FOR_DATA_CHECK_MAJOR_VERSION (GSUBGPOS, 1);
+ STATIC_DEFINE_GET_FOR_DATA_CHECK_MAJOR_VERSION (GSUBGPOS, 1, 1);
DEFINE_TAG_LIST_INTERFACE (Script, script ); /* get_script_count (), get_script (i), get_script_tag (i) */
DEFINE_TAG_LIST_INTERFACE (Feature, feature); /* get_feature_count(), get_feature(i), get_feature_tag(i) */
@@ -861,6 +866,12 @@ struct GSUBGPOS
DEFINE_TAG_FIND_INTERFACE (Script, script ); /* find_script_index (), get_script_by_tag (tag) */
DEFINE_TAG_FIND_INTERFACE (Feature, feature); /* find_feature_index(), get_feature_by_tag(tag) */
+ inline bool sanitize (SANITIZE_ARG_DEF) {
+ if (!SANITIZE (version)) return false;
+ if (version.major != 1) return true;
+ return SANITIZE_THIS3 (scriptList, featureList, lookupList);
+ }
+
protected:
FixedVersion version; /* Version of the GSUB/GPOS table--initially set
* to 0x00010000 */
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]
