[HarfBuzz] harfbuzz-ng: Branch 'master'
Harshula
harshula at gmail.com
Thu Sep 6 19:39:36 PDT 2012
On Thu, 2012-09-06 at 15:17 -0400, Behdad Esfahbod wrote:
> On 09/06/2012 02:47 PM, Harshula wrote:
> >> > ALLOCATE_ARRAY (const HB_UChar16, item.string, chars_len);
> >> > + ALLOCATE_ARRAY (unsigned short, item.log_clusters, chars_len + 2);
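Review bot: the "+ 2" on the added item.log_clusters line is a bare magic number with nothing in the hunk saying what the two extra entries are for. Add a comment beside it stating the reason for the padding, or give the padding a named constant, so a later cleanup does not trim it back to chars_len.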
> > Why is the length "chars_len + 2"?
>
> 1. I *think* old harfbuzz also adds a final entry to that array,
> 2. It's widely reported (from Chromium people for example) that some of the
> old HarfBuzz backends (Tibetan IIRC) make an off-by-one access past that array.
>
> In short: to be on the safe side.

OK. Also when you calculate num_glyphs that will fit in the scratch
space:

  ALLOCATE_ARRAY (const HB_UChar16, item.string, chars_len);
  ALLOCATE_ARRAY (unsigned short, item.log_clusters, chars_len + 2);
  unsigned int num_glyphs = scratch_size / (sizeof (HB_Glyph) +
                                            sizeof (HB_GlyphAttributes) +
                                            sizeof (HB_Fixed) +
                                            sizeof (HB_FixedPoint) +
                                            sizeof (uint32_t));
  ALLOCATE_ARRAY (HB_Glyph, item.glyphs, num_glyphs);
  ALLOCATE_ARRAY (HB_GlyphAttributes, item.attributes, num_glyphs);
  ALLOCATE_ARRAY (HB_Fixed, item.advances, num_glyphs);
  ALLOCATE_ARRAY (HB_FixedPoint, item.offsets, num_glyphs);
  ALLOCATE_ARRAY (uint32_t, vis_clusters, num_glyphs);

shouldn't you first subtract the space consumed by the already allocated
arrays for item.string and item.log_clusters? For example:

  unsigned int num_glyphs = (scratch_size
                             - (chars_len * sizeof (HB_UChar16))
                             - ((chars_len + 2) * sizeof (unsigned short)))
                            / (sizeof (HB_Glyph) +
                               sizeof (HB_GlyphAttributes) +
                               sizeof (HB_Fixed) +
                               sizeof (HB_FixedPoint) +
                               sizeof (uint32_t));

I noted that in the test cases I had tried this on, num_glyphs would change
from N to N-1.

cya,
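
Added example, not part of the original message and not HarfBuzz code: the sizing question above worked through in C, comparing a glyph count taken from the whole scratch buffer with one taken after the item.string and item.log_clusters arrays are subtracted. It assumes the arrays are packed back to back and that the allocation step does not itself reduce scratch_size (the page does not show how ALLOCATE_ARRAY is defined); the element types and all function names are hypothetical stand-ins.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Stand-in element types: sizes are assumptions, not the real HB_* layouts. */
typedef uint16_t uchar16_t;                      /* role of HB_UChar16 */
typedef uint32_t glyph_t;                        /* role of HB_Glyph */
typedef struct { uint16_t bits; } glyph_attr_t;  /* role of HB_GlyphAttributes */
typedef int32_t fixed_t;                         /* role of HB_Fixed */
typedef struct { int32_t x, y; } fixed_point_t;  /* role of HB_FixedPoint */

/* Bytes one glyph needs across the five per-glyph arrays. */
#define PER_GLYPH (sizeof(glyph_t) + sizeof(glyph_attr_t) + sizeof(fixed_t) + \
                   sizeof(fixed_point_t) + sizeof(uint32_t))

/* Bytes taken by item.string (chars_len) and item.log_clusters (chars_len + 2). */
static size_t char_bytes(size_t chars_len) {
  return chars_len * sizeof(uchar16_t) + (chars_len + 2) * sizeof(unsigned short);
}

/* Divides the whole buffer, ignoring the character arrays. */
static size_t glyphs_naive(size_t scratch_size) {
  return scratch_size / PER_GLYPH;
}

/* Subtracts the character arrays first; returns 0 instead of letting the
   unsigned subtraction wrap when they do not fit at all. */
static size_t glyphs_after_chars(size_t scratch_size, size_t chars_len) {
  size_t used = char_bytes(chars_len);
  if (used > scratch_size)
    return 0;
  return (scratch_size - used) / PER_GLYPH;
}

/* Total bytes the packed layout needs for a given glyph count. */
static size_t total_bytes(size_t chars_len, size_t num_glyphs) {
  return char_bytes(chars_len) + num_glyphs * PER_GLYPH;
}

int main(void) {
  size_t scratch_size = 1024, chars_len = 10;   /* constructed sample values */
  size_t n1 = glyphs_naive(scratch_size);
  size_t n2 = glyphs_after_chars(scratch_size, chars_len);
  printf("naive:    %zu glyphs -> %zu bytes needed of %zu\n",
         n1, total_bytes(chars_len, n1), scratch_size);
  printf("adjusted: %zu glyphs -> %zu bytes needed of %zu\n",
         n2, total_bytes(chars_len, n2), scratch_size);
  return 0;
}
```

With the unsigned arithmetic used in the message, a chars_len large enough that the two character arrays exceed scratch_size would wrap the subtraction to a huge value, which is why the adjusted function checks for that case first.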