diff options
4 files changed, 12 insertions, 5 deletions
diff --git a/cpp/src/sfntly/data/readable_font_data.cc b/cpp/src/sfntly/data/readable_font_data.cc index 0f93fdb..9ffcb00 100644 --- a/cpp/src/sfntly/data/readable_font_data.cc +++ b/cpp/src/sfntly/data/readable_font_data.cc @@ -294,7 +294,9 @@ int32_t ReadableFontData::SearchULong(int32_t start_index, CALLER_ATTACH FontData* ReadableFontData::Slice(int32_t offset, int32_t length) { - if (offset < 0 || offset + length > Size()) { + if (offset < 0 || length < 0 || + offset > std::numeric_limits<int32_t>::max() - length || + offset + length > Size()) { #if !defined (SFNTLY_NO_EXCEPTION) throw IndexOutOfBoundsException( "Attempt to bind data outside of its limits"); diff --git a/cpp/src/sfntly/data/writable_font_data.cc b/cpp/src/sfntly/data/writable_font_data.cc index 4b3b440..073e9df 100644 --- a/cpp/src/sfntly/data/writable_font_data.cc +++ b/cpp/src/sfntly/data/writable_font_data.cc @@ -17,6 +17,7 @@ #include "sfntly/data/writable_font_data.h" #include <algorithm> +#include <limits> #include "sfntly/data/memory_byte_array.h" #include "sfntly/data/growable_memory_byte_array.h" @@ -167,7 +168,9 @@ void WritableFontData::CopyFrom(InputStream* is) { CALLER_ATTACH FontData* WritableFontData::Slice(int32_t offset, int32_t length) { - if (offset < 0 || offset + length > Size()) { + if (offset < 0 || length < 0 || + offset > std::numeric_limits<int32_t>::max() - length || + offset + length > Size()) { #if !defined (SFNTLY_NO_EXCEPTION) throw IndexOutOfBoundsException( "Attempt to bind data outside of its limits"); @@ -179,7 +182,7 @@ CALLER_ATTACH FontData* WritableFontData::Slice(int32_t offset, } CALLER_ATTACH FontData* WritableFontData::Slice(int32_t offset) { - if (offset > Size()) { + if (offset < 0 || offset > Size()) { #if !defined (SFNTLY_NO_EXCEPTION) throw IndexOutOfBoundsException( "Attempt to bind data outside of its limits"); diff --git a/java/src/com/google/typography/font/sfntly/data/ReadableFontData.java b/java/src/com/google/typography/font/sfntly/data/ReadableFontData.java index 2561703..ad7894c 100644 --- a/java/src/com/google/typography/font/sfntly/data/ReadableFontData.java +++ b/java/src/com/google/typography/font/sfntly/data/ReadableFontData.java @@ -150,7 +150,8 @@ public class ReadableFontData extends FontData { */ @Override public ReadableFontData slice(int offset, int length) { - if (offset < 0 || (offset + length) > this.size()) { + if (offset < 0 || length < 0 || offset > Integer.MAX_VALUE - length || + (offset + length) > this.size()) { throw new IndexOutOfBoundsException("Attempt to bind data outside of its limits."); } ReadableFontData slice = new ReadableFontData(this, offset, length); diff --git a/java/src/com/google/typography/font/sfntly/data/WritableFontData.java b/java/src/com/google/typography/font/sfntly/data/WritableFontData.java index eb10c78..c828170 100644 --- a/java/src/com/google/typography/font/sfntly/data/WritableFontData.java +++ b/java/src/com/google/typography/font/sfntly/data/WritableFontData.java @@ -125,7 +125,8 @@ public final class WritableFontData extends ReadableFontData { */ @Override public WritableFontData slice(int offset, int length) { - if (offset < 0 || (offset + length) > this.size()) { + if (offset < 0 || length < 0 || offset > Integer.MAX_VALUE - length || + (offset + length) > this.size()) { throw new IndexOutOfBoundsException("Attempt to bind data outside of its limits."); } WritableFontData slice = new WritableFontData(this, offset, length); |