wine/gecko
0
0
Fork 0
mirror of https://gitlab.winehq.org/wine/wine-gecko.git synced 2024-09-13 09:24:08 -07:00
Code Issues Packages Projects Releases Wiki Activity

bug 593296 - avoid potential read beyond end of kern-pair list. r=jfkthame a=blocking-beta7+

Browse Source
This commit is contained in:
John Daggett 2010-09-22 10:15:57 +01:00
parent 4fbb745b8c
commit a4541c4944
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
gfx/thebes/gfxHarfBuzzShaper.cpp
View File

@ -284,6 +284,7 @@ GetKernValueFmt0(const void* aSubtable,
const KernPair *lo = reinterpret_cast<const KernPair*>(hdr + 1);
const KernPair *hi = lo + PRUint16(hdr->nPairs);
const KernPair *limit = hi;
if (reinterpret_cast<const char*>(aSubtable) + aSubtableLen <
reinterpret_cast<const char*>(hi)) {
@ -304,7 +305,7 @@ GetKernValueFmt0(const void* aSubtable,
}
}
if (KERN_PAIR_KEY(lo->left, lo->right) == key) {
if (lo < limit && KERN_PAIR_KEY(lo->left, lo->right) == key) {
if (aIsOverride) {
aValue = PRInt16(lo->value);
} else if (aIsMinimum) {