Skip to content

Commit

Permalink
[glyphstring] Handle overflow with very long glyphstrings
Browse files Browse the repository at this point in the history
  • Loading branch information
@behdad
behdad committed Mar 2, 2009
1 parent 1c9433b commit 4de30e5
Showing 1 changed file with 20 additions and 6 deletions.
26 changes: 20 additions & 6 deletions pango/glyphstring.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -61,14 +61,28 @@ pango_glyph_string_set_size (PangoGlyphString *string, gint new_len)
while (new_len > string->space)
{
if (string->space == 0)
string->space = 1;
{
string->space = 4;
}
else
string->space *= 2;

if (string->space < 0)
{
g_warning ("glyph string length overflows maximum integer size, truncated");
new_len = string->space = G_MAXINT - 8;
const guint max_space =
MIN (G_MAXINT, G_MAXSIZE / MAX (sizeof(PangoGlyphInfo), sizeof(gint)));

guint more_space = (guint)string->space * 2;

if (more_space > max_space)
{
more_space = max_space;

if ((guint)new_len > max_space)
{
g_error ("%s: failed to allocate glyph string of length %i\n",
G_STRLOC, new_len);
}
}

string->space = more_space;
}
}

Expand Down

0 comments on commit 4de30e5

Please sign in to comment.