[HarfBuzz] harfbuzz: Branch 'master' - 3 commits

Behdad Esfahbod behdad at kemper.freedesktop.org
Sat Nov 17 00:49:40 UTC 2018 

 src/hb-aat-layout.cc |    2 +-
 src/hb-open-type.hh  |   22 ++++++++++++----------
 2 files changed, 13 insertions(+), 11 deletions(-)

New commits:
commit 0328a1ce41611ed981d41384ae5727479699f3a0
Author: Behdad Esfahbod <behdad at behdad.org>
Date:   Fri Nov 16 16:48:28 2018 -0800

    Revert b4c61130324455bfd42095b01fa14ac901e441f1
    
    Was causing more trouble than it solved.  We use unsigned for indexing,
    and it's not helpful to allow that wrapping to negative integers on
    32bit machines.  The only way we could work around it would have been
    by accepting int64_t arg, but that's overkill.
    
    Ignore the MSVC 2008 build issue.  We don't support that compiler.

diff --git a/src/hb-open-type.hh b/src/hb-open-type.hh
index bae73da4..c77c25fa 100644
--- a/src/hb-open-type.hh
+++ b/src/hb-open-type.hh
@@ -339,25 +339,16 @@ struct UnsizedArrayOf
 
   HB_NO_CREATE_COPY_ASSIGN_TEMPLATE (UnsizedArrayOf, Type);
 
-  /* Unlikely other places, use "ssize_t i" instead of "unsigned int i" for our
-   * indexing operator.  For three reasons:
-   * 1. For UnsizedArrayOf, it's not totally unimaginable to want to look
-   *    at items before the start of current array.
-   * 2. Use the largest type, to help detect overflows.
-   * 3. Fixes MSVC 2008 "overloads have similar conversions" issue with the
-   *    built-in operator [] that takes int, in expressions like sizeof (array[0])).
-   *    I suppose I could fix that by replacing 0 with 0u, but like this fix
-   *    more now. */
-  inline const Type& operator [] (ssize_t i) const
+  inline const Type& operator [] (unsigned int i) const
   {
     const Type *p = &arrayZ[i];
-    if (unlikely ((0 <= i) != (arrayZ <= p))) return Null (Type); /* Over/under-flowed. */
+    if (unlikely (p < arrayZ)) return Null (Type); /* Overflowed. */
     return *p;
   }
-  inline Type& operator [] (ssize_t i)
+  inline Type& operator [] (unsigned int i)
   {
     const Type *p = &arrayZ[i];
-    if (unlikely ((0 <= i) != (arrayZ <= p))) return Crap (Type); /* Over/under-flowed. */
+    if (unlikely (p < arrayZ)) return Crap (Type); /* Overflowed. */
     return *p;
   }
 
commit 52f61cdb87b67ef42a25288d8624170d0b6d3a25
Author: Behdad Esfahbod <behdad at behdad.org>
Date:   Fri Nov 16 16:41:59 2018 -0800

    Detect over/under-flow in UnsizedArray::operator[]
    
    Was causing bad substitutions in mort table because of WordOffsetToIndex()
    producing negative numbers that were cast to unsigned int and returned as
    large numbers (which was desirable, so they would be rejected), but then
    they were cast to int when passed to this operator and acting as small
    negative integers, which was bad...
    
    Detect overflow.  Ouch, however, now I see this still fails on 32-bit.
    Guess I'm going to revert an earlier change.

diff --git a/src/hb-open-type.hh b/src/hb-open-type.hh
index a14d0f02..bae73da4 100644
--- a/src/hb-open-type.hh
+++ b/src/hb-open-type.hh
@@ -339,16 +339,27 @@ struct UnsizedArrayOf
 
   HB_NO_CREATE_COPY_ASSIGN_TEMPLATE (UnsizedArrayOf, Type);
 
-  /* Unlikely other places, use "int i" instead of "unsigned int i" for our
-   * indexing operator.  For two reasons:
+  /* Unlikely other places, use "ssize_t i" instead of "unsigned int i" for our
+   * indexing operator.  For three reasons:
    * 1. For UnsizedArrayOf, it's not totally unimaginable to want to look
    *    at items before the start of current array.
-   * 2. Fixes MSVC 2008 "overloads have similar conversions" issue with the
+   * 2. Use the largest type, to help detect overflows.
+   * 3. Fixes MSVC 2008 "overloads have similar conversions" issue with the
    *    built-in operator [] that takes int, in expressions like sizeof (array[0])).
    *    I suppose I could fix that by replacing 0 with 0u, but like this fix
    *    more now. */
-  inline const Type& operator [] (int i) const { return arrayZ[i]; }
-  inline Type& operator [] (int i) { return arrayZ[i]; }
+  inline const Type& operator [] (ssize_t i) const
+  {
+    const Type *p = &arrayZ[i];
+    if (unlikely ((0 <= i) != (arrayZ <= p))) return Null (Type); /* Over/under-flowed. */
+    return *p;
+  }
+  inline Type& operator [] (ssize_t i)
+  {
+    const Type *p = &arrayZ[i];
+    if (unlikely ((0 <= i) != (arrayZ <= p))) return Crap (Type); /* Over/under-flowed. */
+    return *p;
+  }
 
   template <typename T> inline operator T * (void) { return arrayZ; }
   template <typename T> inline operator const T * (void) const { return arrayZ; }
commit 6910ff03e66f5f4c9eb5592262d414ef7d91df04
Author: Behdad Esfahbod <behdad at behdad.org>
Date:   Fri Nov 16 16:11:02 2018 -0800

    [aat] Fix mort shaping
    
    Ouch!

diff --git a/src/hb-aat-layout.cc b/src/hb-aat-layout.cc
index da6908a4..d9580c15 100644
--- a/src/hb-aat-layout.cc
+++ b/src/hb-aat-layout.cc
@@ -215,7 +215,7 @@ hb_aat_layout_substitute (const hb_ot_shape_plan_t *plan,
     return;
   }
 
-  hb_blob_t *mort_blob = font->face->table.morx.get_blob ();
+  hb_blob_t *mort_blob = font->face->table.mort.get_blob ();
   const AAT::mort& mort = *mort_blob->as<AAT::mort> ();
   if (mort.has_data ())
   {

More information about the HarfBuzz mailing list