5 Oct
2023
5 Oct
'23
12:56 p.m.
Nikolay Sivov (@nsivov) commented about dlls/win32u/font.c:
- else
- {
OT_ClassDefFormat2 *cf2 = (OT_ClassDefFormat2 *)cf1;int i, top = GET_BE_WORD(cf2->ClassRangeCount);for (i = 0; i < top; i++){if (glyph >= GET_BE_WORD(cf2->ClassRangeRecord[i].Start) &&glyph <= GET_BE_WORD(cf2->ClassRangeRecord[i].End)){class = GET_BE_WORD(cf2->ClassRangeRecord[i].Class);break;}}- }
- return class;
+}
This does not do any validation regarding reading past the end of the table. Also format 2 should be using binary search, and not a loop.