authorPaul Eggert2011-07-28 16:51:50 -0700
committerPaul Eggert2011-07-28 16:51:50 -0700
commit1ffd9c92ea38e078ec6cde6277c7ce88895212df (patch)
treed01e694989117659f9806a5b3f95ae99cda729b9
parent483a9e21b6c8387cdbd5a5f3ab8a3fe77f7e52a0 (diff)
downloademacs-1ffd9c92ea38e078ec6cde6277c7ce88895212df.tar.gz
emacs-1ffd9c92ea38e078ec6cde6277c7ce88895212df.zip
* ftfont.c: Check for size overflow.
(ftfont_get_open_type_spec, setup_otf_gstring, ftfont_shape_by_flt): Check for integer overflow in size calculations.
-rw-r--r--src/ChangeLog4
-rw-r--r--src/ftfont.c15
2 files changed, 18 insertions, 1 deletions
diff --git a/src/ChangeLog b/src/ChangeLog
index 058c250a330..84d7bf4cb48 100644
--- a/src/ChangeLog
+++ b/src/ChangeLog
@@ -1,5 +1,9 @@
12011-07-28 Paul Eggert <eggert@cs.ucla.edu> 12011-07-28 Paul Eggert <eggert@cs.ucla.edu>
2 2
3 * ftfont.c: Check for size overflow.
4 (ftfont_get_open_type_spec, setup_otf_gstring, ftfont_shape_by_flt):
5 Check for integer overflow in size calculations.
6
3 * fringe.c (Fdefine_fringe_bitmap): Don't update size until alloc works. 7 * fringe.c (Fdefine_fringe_bitmap): Don't update size until alloc works.
4 8
5 * frame.h (struct frame): Use int, not EMACS_INT, where int works. 9 * frame.h (struct frame): Use int, not EMACS_INT, where int works.
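--- a/src/ftfont.c
+++ b/src/ftfont.c
@@ -682,7 +682,10 @@ ftfont_get_open_type_spec (Lisp_Object otf_spec)
       if (NILP (val))
         continue;
       len = Flength (val);
-      spec->features[i] = malloc (sizeof (int) * XINT (len));
+      spec->features[i] =
+        (min (PTRDIFF_MAX, SIZE_MAX) / sizeof (int) < XINT (len)
+         ? 0
+         : malloc (sizeof (int) * XINT (len)));
       if (! spec->features[i])
         {
           if (i > 0 && spec->features[0])
@@ -1761,6 +1764,9 @@ static OTF_GlyphString otf_gstring;
 static void
 setup_otf_gstring (int size)
 {
+  if (min (PTRDIFF_MAX, SIZE_MAX) / sizeof (OTF_Glyph) < size)
+    memory_full (SIZE_MAX);
+
   if (otf_gstring.size == 0)
     {
       otf_gstring.glyphs = (OTF_Glyph *) xmalloc (sizeof (OTF_Glyph) * size);
@@ -2390,6 +2396,8 @@ ftfont_shape_by_flt (Lisp_Object lgstring, struct font *font,
   struct MFLTFontFT flt_font_ft;
   MFLT *flt = NULL;
   int with_variation_selector = 0;
+  int allocated_max = min (INT_MAX,
+                           min (PTRDIFF_MAX, SIZE_MAX) / sizeof (MFLTGlyph));
 
   if (! m17n_flt_initialized)
     {
@@ -2445,6 +2453,9 @@ ftfont_shape_by_flt (Lisp_Object lgstring, struct font *font,
         }
     }
 
+  if (allocated_max / 2 < len)
+    memory_full (SIZE_MAX);
+
   if (gstring.allocated == 0)
     {
       gstring.allocated = len * 2;
@@ -2504,6 +2515,8 @@ ftfont_shape_by_flt (Lisp_Object lgstring, struct font *font,
       int result = mflt_run (&gstring, 0, len, &flt_font_ft.flt_font, flt);
       if (result != -2)
         break;
+      if (allocated_max / 2 < gstring.allocated)
+        memory_full (SIZE_MAX);
       gstring.allocated += gstring.allocated;
       gstring.glyphs = xrealloc (gstring.glyphs,
                                  sizeof (MFLTGlyph) * gstring.allocated);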
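Review bot: The new size guards in all five hunks are bare comparisons with no comment saying what they reject, and the one at old line 685 silently maps an oversized XINT (len) to a NULL feature array that is then reported through the pre-existing malloc-failure path, while setup_otf_gstring and ftfont_shape_by_flt call memory_full instead; a one-line comment at each guard such as `/* Fail early if the byte count would overflow ptrdiff_t or size_t.  */` would make both the intent and the deliberate difference in failure handling visible. In ftfont_get_open_type_spec and setup_otf_gstring the size_t quotient is compared against a signed operand (XINT (len), the int parameter size), so the comparison is presumably carried out in the unsigned type and a negative value would read as too large and be rejected; that appears to be the desired outcome but is worth stating next to the check. The `allocated_max / 2 < len` guard correctly protects the `len * 2` two lines below it, and the same pattern before `gstring.allocated += gstring.allocated` covers the doubling in the retry loop. ftfont_shape_by_flt begins and ends outside these hunks, so other uses of len and gstring.allocated in that function are not visible here.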