src/hb-buffer.cc |   12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

New commits:
commit b5dd44e24669cd35affcd92788d39ff56cac94db
Author: Behdad Esfahbod <[email protected]>
Date:   Mon Feb 28 10:13:52 2011 -0800

    Fix possible overflow

diff --git a/src/hb-buffer.cc b/src/hb-buffer.cc
index 04ae8c9..c868091 100644
--- a/src/hb-buffer.cc
+++ b/src/hb-buffer.cc
@@ -73,8 +73,16 @@ _hb_buffer_enlarge (hb_buffer_t *buffer, unsigned int size)
   while (size > new_allocated)
     new_allocated += (new_allocated >> 1) + 8;
 
-  new_pos = (hb_glyph_position_t *) realloc (buffer->pos, new_allocated * 
sizeof (buffer->pos[0]));
-  new_info = (hb_glyph_info_t *) realloc (buffer->info, new_allocated * sizeof 
(buffer->info[0]));
+  ASSERT_STATIC (sizeof (buffer->info[0]) == sizeof (buffer->pos[0]));
+  bool overflows = new_allocated >= ((unsigned int) -1) / sizeof 
(buffer->info[0]);
+
+  if (unlikely (overflows)) {
+    new_pos = NULL;
+    new_info = NULL;
+  } else {
+    new_pos = (hb_glyph_position_t *) realloc (buffer->pos, new_allocated * 
sizeof (buffer->pos[0]));
+    new_info = (hb_glyph_info_t *) realloc (buffer->info, new_allocated * 
sizeof (buffer->info[0]));
+  }
 
   if (unlikely (!new_pos || !new_info))
     buffer->in_error = TRUE;
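Review bot: The growth loop kept as context at the top of this hunk, `while (size > new_allocated) new_allocated += (new_allocated >> 1) + 8;`, can wrap `unsigned int` when `size` is near the maximum, before the new `overflows` test runs. The test would then see an already-wrapped `new_allocated`, and the loop may run for a very long time before that. I would bound `size` first, with `bool overflows = size >= ((unsigned int) -1) / sizeof (buffer->info[0]);` placed before the loop and the loop skipped when it is set, then OR in the existing `new_allocated` comparison after the loop. Whether any caller can actually pass such a `size` is not visible here, and the body of `_hb_buffer_enlarge` starts and ends outside the hunk. A short comment on the `ASSERT_STATIC` line, such as `/* one bound covers both reallocs because info and pos elements are the same size */`, would also explain why only `buffer->info[0]` is used in the divisor.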