Block over growth during insert opcode

silnrsi · Mar 15, 2016 · 7187f8b · 7187f8b
1 parent 18a0544
commit 7187f8b
Show file tree

Hide file tree

Showing 5 changed files with 12 additions and 8 deletions.
diff --git a/src/Silf.cpp b/src/Silf.cpp
@@ -355,10 +355,10 @@ uint16 Silf::getClassGlyph(uint16 cid, unsigned int index) const
 bool Silf::runGraphite(Segment *seg, uint8 firstPass, uint8 lastPass, int dobidi) const
 {
     assert(seg != 0);
-    SlotMap            map(*seg, m_dir);
+    unsigned int       maxSize = seg->slotCount() * MAX_SEG_GROWTH_FACTOR;
+    SlotMap            map(*seg, m_dir, maxSize);
     FiniteStateMachine fsm(map, seg->getFace()->logger());
     vm::Machine        m(map);
-    unsigned int       initSize = seg->slotCount();
     uint8              lbidi = m_bPass;
 #if !defined GRAPHITE2_NTRACING
     json * const dbgout = seg->getFace()->logger();
@@ -424,7 +424,7 @@ bool Silf::runGraphite(Segment *seg, uint8 firstPass, uint8 lastPass, int dobidi
             return false;
         // only subsitution passes can change segment length, cached subsegments are short for their text
         if (m.status() != vm::Machine::finished
-            || (seg->slotCount() && seg->slotCount() * MAX_SEG_GROWTH_FACTOR < initSize))
+            || (seg->slotCount() && seg->slotCount() > maxSize))
             return false;
     }
     return true;

diff --git a/src/inc/Rule.h b/src/inc/Rule.h
@@ -102,7 +102,7 @@ class SlotMap
 {
 public:
   enum {MAX_SLOTS=64};
-  SlotMap(Segment & seg, uint8 direction);
+  SlotMap(Segment & seg, uint8 direction, int maxSize);
 
   Slot       * * begin();
   Slot       * * end();
@@ -121,13 +121,15 @@ class SlotMap
   void           highpassed(bool v) { m_highpassed = v; }
 
   uint8          dir() const { return m_dir; }
+  int            decMax() { return --m_maxSize; }
 
   Segment &    segment;
 private:
   Slot         * m_slot_map[MAX_SLOTS+1];
   unsigned short m_size;
   unsigned short m_precontext;
   Slot         * m_highwater;
+  int            m_maxSize;
   uint8          m_dir;
   bool           m_highpassed;
 };
@@ -242,8 +244,9 @@ void FiniteStateMachine::Rules::accumulate_rules(const State &state)
 }
 
 inline
-SlotMap::SlotMap(Segment & seg, uint8 direction)
-: segment(seg), m_size(0), m_precontext(0), m_highwater(0), m_dir(direction), m_highpassed(false)
+SlotMap::SlotMap(Segment & seg, uint8 direction, int maxSize)
+: segment(seg), m_size(0), m_precontext(0), m_highwater(0),
+    m_maxSize(maxSize), m_dir(direction), m_highpassed(false)
 {
     m_slot_map[0] = 0;
 }

diff --git a/src/inc/Segment.h b/src/inc/Segment.h
@@ -40,7 +40,7 @@ of the License or (at your option) any later version.
 #include "inc/List.h"
 #include "inc/Collider.h"
 
-#define MAX_SEG_GROWTH_FACTOR  256
+#define MAX_SEG_GROWTH_FACTOR  64
 
 namespace graphite2 {
 

diff --git a/src/inc/opcodes.h b/src/inc/opcodes.h
@@ -267,6 +267,7 @@ STARTOP(put_copy)
 ENDOP
 
 STARTOP(insert)
+    if (smap.decMax() <= 0) DIE;
     Slot *newSlot = seg.newSlot();
     if (!newSlot) DIE;
     Slot *iss = is;

diff --git a/tests/vm/basic_test.cpp b/tests/vm/basic_test.cpp
@@ -100,7 +100,7 @@ int main(int argc, char *argv[])
     Segment seg;
     Slot s1;
     uint32 ret = 0;
-    SlotMap smap(seg, 0);
+    SlotMap smap(seg, 0, 0);
     Machine m(smap);
     smap.pushSlot(&s1);
     slotref * map = smap.begin();