On 09/06/2012 10:39 PM, Harshula wrote:
> On Thu, 2012-09-06 at 15:17 -0400, Behdad Esfahbod wrote:
>> On 09/06/2012 02:47 PM, Harshula wrote:
>>>>> ALLOCATE_ARRAY (const HB_UChar16, item.string, chars_len);
>>>>> + ALLOCATE_ARRAY (unsigned short, item.log_clusters, chars_len + 2);
>>> Why is the length "chars_len + 2"?
>>
>> 1. I *think* old harfbuzz also adds a final entry to that array,
>> 2. It's widely reported (from Chromium people for example) that some of the
>> old HarfBuzz backends (Tibetan IIRC) make an off-by-one access past that
>> array.
>>
>> In short: to be on the safe side.
>
> OK. Also when you calculate num_glyphs that will fit in the scratch
> space:
>
> ALLOCATE_ARRAY (const HB_UChar16, item.string, chars_len);
> ALLOCATE_ARRAY (unsigned short, item.log_clusters, chars_len + 2);
>
> unsigned int num_glyphs = scratch_size / (sizeof (HB_Glyph) +
> sizeof (HB_GlyphAttributes) +
> sizeof (HB_Fixed) +
> sizeof (HB_FixedPoint) +
> sizeof (uint32_t));
>
> ALLOCATE_ARRAY (HB_Glyph, item.glyphs, num_glyphs);
> ALLOCATE_ARRAY (HB_GlyphAttributes, item.attributes, num_glyphs);
> ALLOCATE_ARRAY (HB_Fixed, item.advances, num_glyphs);
> ALLOCATE_ARRAY (HB_FixedPoint, item.offsets, num_glyphs);
> ALLOCATE_ARRAY (uint32_t, vis_clusters, num_glyphs);
>
> shouldn't you first subtract the space consumed by the already allocated
> arrays for item.string and item.log_clusters? For example:
No. The ALLOCATE_ARRAY does that already.

b

_______________________________________________
HarfBuzz mailing list
[email protected]
http://lists.freedesktop.org/mailman/listinfo/harfbuzz
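The scratch-space accounting Behdad is pointing at, as an added example that is not HarfBuzz's own macro: an ALLOCATE_ARRAY that carves each array out of the buffer and subtracts its size from scratch_size, so the num_glyphs computed afterwards is already net of the string and log_clusters arrays, while a naive division of the whole buffer would hand out more glyph slots than fit. The HB_* types, their sizes and the sample buffer are stand-ins assumed for this illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Stand-in types, sized for the illustration only (not HarfBuzz's definitions). */
typedef uint16_t HB_UChar16;
typedef struct { uint32_t glyph; } HB_Glyph;
typedef struct { uint32_t bits; } HB_GlyphAttributes;
typedef int32_t HB_Fixed;
typedef struct { HB_Fixed x, y; } HB_FixedPoint;

/* Carve `len` elements of Type out of the scratch buffer and shrink the
 * remaining size, so later size calculations only see what is left.
 * A request that does not fit yields NULL and leaves the accounting untouched. */
#define ALLOCATE_ARRAY(Type, name, len) \
  do { \
    size_t need_ = (size_t) (len) * sizeof (Type); \
    if (need_ > scratch_size) name = NULL; \
    else { name = (Type *) scratch; scratch += need_; scratch_size -= need_; } \
  } while (0)

/* Bytes needed per glyph across the five parallel glyph arrays. */
enum { PER_GLYPH_BYTES = sizeof (HB_Glyph) + sizeof (HB_GlyphAttributes) +
                         sizeof (HB_Fixed) + sizeof (HB_FixedPoint) + sizeof (uint32_t) };

/* The wrong way: divides the whole buffer, ignoring what the char arrays took. */
unsigned int naive_num_glyphs (size_t scratch_size) { return (unsigned int) (scratch_size / PER_GLYPH_BYTES); }

/* Lay out all per-item arrays in one scratch buffer; returns the glyph count
 * that fits, or 0 if any array would run past the end of the buffer. */
unsigned int layout_item (char *scratch, size_t scratch_size, unsigned int chars_len)
{
  const HB_UChar16 *string; unsigned short *log_clusters;
  HB_Glyph *glyphs; HB_GlyphAttributes *attributes; HB_Fixed *advances;
  HB_FixedPoint *offsets; uint32_t *vis_clusters;
  ALLOCATE_ARRAY (const HB_UChar16, string, chars_len);
  /* +2: room for a trailing entry and for a backend reading one past the end. */
  ALLOCATE_ARRAY (unsigned short, log_clusters, chars_len + 2);
  if (!string || !log_clusters) return 0;
  /* scratch_size is already net of the two arrays above, so no extra subtraction. */
  unsigned int num_glyphs = (unsigned int) (scratch_size / PER_GLYPH_BYTES);
  ALLOCATE_ARRAY (HB_Glyph, glyphs, num_glyphs);
  ALLOCATE_ARRAY (HB_GlyphAttributes, attributes, num_glyphs);
  ALLOCATE_ARRAY (HB_Fixed, advances, num_glyphs);
  ALLOCATE_ARRAY (HB_FixedPoint, offsets, num_glyphs);
  ALLOCATE_ARRAY (uint32_t, vis_clusters, num_glyphs);
  return (glyphs && attributes && advances && offsets && vis_clusters) ? num_glyphs : 0;
}

/* Constructed sample buffer: 10 chars take 20 + 24 = 44 bytes, leaving room for
 * (256 - 44) / 24 = 8 glyphs, whereas the naive 256 / 24 = 10 would overrun it. */
static char demo_scratch[256];
```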
