[HarfBuzz] harfbuzz: Branch 'master' - 2 commits

[Behdad Esfahbod]

 src/hb-aat-layout-common-private.hh |   43 +++++++++++++++++++++++++++++++++---
 src/hb-open-type-private.hh         |    4 +--
 2 files changed, 42 insertions(+), 5 deletions(-)

New commits:
commit 9b82aa19d812e70b7fade4b7669a9ce27855951e
Author: Behdad Esfahbod <behdad at behdad.org>
Date:   Thu Jan 11 18:19:42 2018 +0100

    More warning fixes

diff --git a/src/hb-open-type-private.hh b/src/hb-open-type-private.hh
index 6d8bc6cb..736497d9 100644
--- a/src/hb-open-type-private.hh
+++ b/src/hb-open-type-private.hh
@@ -1041,12 +1041,12 @@ struct SortedArrayOf : ArrayOf<Type, LenType>
   inline int bsearch (const SearchType &x) const
   {
     /* Hand-coded bsearch here since this is in the hot inner loop. */
-    const Type *array = this->array;
+    const Type *arr = this->array;
     int min = 0, max = (int) this->len - 1;
     while (min <= max)
     {
       int mid = (min + max) / 2;
-      int c = array[mid].cmp (x);
+      int c = arr[mid].cmp (x);
       if (c < 0)
         max = mid - 1;
       else if (c > 0)
commit 680cbc2eb325edc6b8562f39485b146aa56b3872
Author: Behdad Esfahbod <behdad at behdad.org>
Date:   Thu Jan 11 18:15:53 2018 +0100

    [aat] Sanitize StateTable

diff --git a/src/hb-aat-layout-common-private.hh b/src/hb-aat-layout-common-private.hh
index 887350bb..4d2285a8 100644
--- a/src/hb-aat-layout-common-private.hh
+++ b/src/hb-aat-layout-common-private.hh
@@ -552,18 +552,55 @@ struct StateTable
 
   inline const Entry<Extra> *get_entry (unsigned int state, unsigned int klass) const
   {
+    if (unlikely (klass >= nClasses)) return nullptr;
+
     const HBUSHORT *states = (this+stateArrayTable).arrayZ;
     const Entry<Extra> *entries = (this+entryTable).arrayZ;
 
-    unsigned int entry = states[state * nClasses + klass]; /* XXX bound check. */
+    unsigned int entry = states[state * nClasses + klass];
 
-    return &entries[entry]; /* XXX bound check. */
+    return &entries[entry];
   }
 
   inline bool sanitize (hb_sanitize_context_t *c) const
   {
     TRACE_SANITIZE (this);
-    return_trace (c->check_struct (this)); /* XXX */
+    if (unlikely (!c->check_struct (this))) return_trace (false);
+
+    const HBUSHORT *states = (this+stateArrayTable).arrayZ;
+    const Entry<Extra> *entries = (this+entryTable).arrayZ;
+
+    unsigned int num_states = 1;
+    unsigned int num_entries = 0;
+
+    unsigned int state = 0;
+    unsigned int entry = 0;
+    while (state < num_states)
+    {
+      if (unlikely (!c->check_array (states + state * nClasses,
+				     states[0].static_size,
+				     nClasses * (num_states - state))))
+	return_trace (false);
+      { /* Sweep new states. */
+	const HBUSHORT *stop = &states[num_states * nClasses];
+	for (const HBUSHORT *p = &states[state * nClasses]; p < stop; p++)
+	  num_entries = MAX<unsigned int> (num_entries, *p + 1);
+	state = num_states;
+      }
+
+      if (unlikely (!c->check_array (entries + entry,
+				     entries[0].static_size,
+				     num_entries - entry)))
+	return_trace (false);
+      { /* Sweep new entries. */
+	const Entry<Extra> *stop = &entries[num_entries];
+	for (const Entry<Extra> *p = &entries[entry]; p < stop; p++)
+	  num_states = MAX<unsigned int> (num_states, p->newState + 1);
+	entry = num_entries;
+      }
+    }
+
+    return_trace (true);
   }
 
   protected: