From 490c3dee9c9e9b1f55c93390723716de7bf931f1 Mon Sep 17 00:00:00 2001
From: Vadim Pakhnushev <vadim@openjdk.org>
Date: Thu, 16 Apr 2015 11:27:23 +0300
Subject: [PATCH] 8077520: Morph tables into improved form

Reviewed-by: prr, srl, mschoene
---
 .../native/libfontmanager/layout/Features.cpp  |  2 +-
 .../libfontmanager/layout/LETableReference.h   | 18 +++++++++++++++---
 2 files changed, 16 insertions(+), 4 deletions(-)

diff --git a/jdk/src/java.desktop/share/native/libfontmanager/layout/Features.cpp b/jdk/src/java.desktop/share/native/libfontmanager/layout/Features.cpp
index 6c6bcc8b331..02bb838d52f 100644
--- a/jdk/src/java.desktop/share/native/libfontmanager/layout/Features.cpp
+++ b/jdk/src/java.desktop/share/native/libfontmanager/layout/Features.cpp
@@ -41,7 +41,7 @@ U_NAMESPACE_BEGIN
 LEReferenceTo<FeatureTable> FeatureListTable::getFeatureTable(const LETableReference &base, le_uint16 featureIndex, LETag *featureTag, LEErrorCode &success) const
 {
     LEReferenceToArrayOf<FeatureRecord>
-        featureRecordArrayRef(base, success, featureRecordArray, featureIndex);
+        featureRecordArrayRef(base, success, featureRecordArray, featureIndex+1);
 
   if (featureIndex >= SWAPW(featureCount) || LE_FAILURE(success)) {
     return LEReferenceTo<FeatureTable>();
diff --git a/jdk/src/java.desktop/share/native/libfontmanager/layout/LETableReference.h b/jdk/src/java.desktop/share/native/libfontmanager/layout/LETableReference.h
index 59a1878307a..deffe9ff1b3 100644
--- a/jdk/src/java.desktop/share/native/libfontmanager/layout/LETableReference.h
+++ b/jdk/src/java.desktop/share/native/libfontmanager/layout/LETableReference.h
@@ -239,6 +239,18 @@ public:
     return fLength;
   }
 
+  /**
+  * Throw an error if size*count overflows
+  */
+  size_t verifyLength(size_t offset, size_t size, le_uint32 count, LEErrorCode &success) {
+    if(count!=0 && size>LE_UINT32_MAX/count) {
+      LE_DEBUG_TR3("verifyLength failed size=%u, count=%u", size, count);
+      success = LE_INDEX_OUT_OF_BOUNDS_ERROR;
+      return 0;
+    }
+    return verifyLength(offset, size*count, success);
+  }
+
   /**
    * Change parent link to another
    */
@@ -424,7 +436,7 @@ public:
       if(fCount == LE_UNBOUNDED_ARRAY) { // not a known length
         fCount = getLength()/LETableVarSizer<T>::getSize(); // fit to max size
       }
-      LETableReference::verifyLength(0, LETableVarSizer<T>::getSize()*fCount, success);
+      LETableReference::verifyLength(0, LETableVarSizer<T>::getSize(), fCount, success);
     }
     if(LE_FAILURE(success)) {
       fCount=0;
@@ -439,7 +451,7 @@ _TRTRACE("INFO: new RTAO")
       if(fCount == LE_UNBOUNDED_ARRAY) { // not a known length
         fCount = getLength()/LETableVarSizer<T>::getSize(); // fit to max size
       }
-      LETableReference::verifyLength(0, LETableVarSizer<T>::getSize()*fCount, success);
+      LETableReference::verifyLength(0, LETableVarSizer<T>::getSize(), fCount, success);
     }
     if(LE_FAILURE(success)) clear();
   }
@@ -450,7 +462,7 @@ _TRTRACE("INFO: new RTAO")
       if(fCount == LE_UNBOUNDED_ARRAY) { // not a known length
         fCount = getLength()/LETableVarSizer<T>::getSize(); // fit to max size
       }
-      LETableReference::verifyLength(0, LETableVarSizer<T>::getSize()*fCount, success);
+      LETableReference::verifyLength(0, LETableVarSizer<T>::getSize(), fCount, success);
     }
     if(LE_FAILURE(success)) clear();
   }