diff options
author | Behdad Esfahbod <behdad@behdad.org> | 2009-08-14 16:12:22 -0400 |
---|---|---|
committer | Behdad Esfahbod <behdad@behdad.org> | 2009-08-14 16:12:22 -0400 |
commit | 578e321d3b5a08b86e6f1576f09973a94924e448 (patch) | |
tree | 4ae7d01b361af112ede9cd40ed22f84d7db0d207 | |
parent | d683b37b8817aef334281aada550bf8974fde1a8 (diff) | |
download | pango-578e321d3b5a08b86e6f1576f09973a94924e448.tar.gz |
[HB] Add note about auditing sanitize code for overflows
-rw-r--r-- | pango/opentype/TODO | 1 | ||||
-rw-r--r-- | pango/opentype/hb-ot-layout-gpos-private.hh | 2 |
2 files changed, 2 insertions, 1 deletions
diff --git a/pango/opentype/TODO b/pango/opentype/TODO index d2b067d5..54560aa8 100644 --- a/pango/opentype/TODO +++ b/pango/opentype/TODO @@ -3,3 +3,4 @@ - cmap14 support in get_glyph callback - size_t? - Figure out compiler selection (add test for link to libstdc++) +- Audit sanitize for int overflows diff --git a/pango/opentype/hb-ot-layout-gpos-private.hh b/pango/opentype/hb-ot-layout-gpos-private.hh index e357b01c..6b20716d 100644 --- a/pango/opentype/hb-ot-layout-gpos-private.hh +++ b/pango/opentype/hb-ot-layout-gpos-private.hh @@ -565,7 +565,7 @@ struct PairPosFormat2 SANITIZE_THIS2 (classDef1, classDef2) && SANITIZE_MEM (values, (valueFormat1.get_size () + valueFormat2.get_size ()) * - class1Count * class2Count); + class1Count * class2Count); /* XXX overflow (in other places too) */ } private: |