aboutsummaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/ChangeLog3
-rw-r--r--src/composite.c34
2 files changed, 28 insertions, 9 deletions
diff --git a/src/ChangeLog b/src/ChangeLog
index d86ae360275..78b3b97b2d7 100644
--- a/src/ChangeLog
+++ b/src/ChangeLog
@@ -1,5 +1,8 @@
12011-07-28 Paul Eggert <eggert@cs.ucla.edu> 12011-07-28 Paul Eggert <eggert@cs.ucla.edu>
2 2
3 * composite.c: Integer overflow fixes.
4 (get_composition_id): Check for overflow in glyph length calculations.
5
3 * coding.c: Integer and memory overflow fixes. 6 * coding.c: Integer and memory overflow fixes.
4 (produce_chars): Redo buffer-overflow calculations to avoid 7 (produce_chars): Redo buffer-overflow calculations to avoid
5 unnecessary integer overflow. Check for size overflow. 8 unnecessary integer overflow. Check for size overflow.
diff --git a/src/composite.c b/src/composite.c
index b25699b9ff4..4ae1d6ebb68 100644
--- a/src/composite.c
+++ b/src/composite.c
@@ -177,14 +177,24 @@ get_composition_id (EMACS_INT charpos, EMACS_INT bytepos, EMACS_INT nchars,
177 Lisp_Object prop, Lisp_Object string) 177 Lisp_Object prop, Lisp_Object string)
178{ 178{
179 Lisp_Object id, length, components, key, *key_contents; 179 Lisp_Object id, length, components, key, *key_contents;
180 int glyph_len; 180 ptrdiff_t glyph_len;
181 struct Lisp_Hash_Table *hash_table = XHASH_TABLE (composition_hash_table); 181 struct Lisp_Hash_Table *hash_table = XHASH_TABLE (composition_hash_table);
182 ptrdiff_t hash_index; 182 ptrdiff_t hash_index;
183 EMACS_UINT hash_code; 183 EMACS_UINT hash_code;
184 enum composition_method method;
184 struct composition *cmp; 185 struct composition *cmp;
185 EMACS_INT i; 186 EMACS_INT i;
186 int ch; 187 int ch;
187 188
189 /* Maximum length of a string of glyphs. XftGlyphExtents limits this
190 to INT_MAX, and Emacs may limit it further. */
191 enum {
192 glyph_len_max =
193 min (INT_MAX,
194 (min (PTRDIFF_MAX, SIZE_MAX)
195 / max (MAX_MULTIBYTE_LENGTH, 2 * sizeof (short))))
196 };
197
188 /* PROP should be 198 /* PROP should be
189 Form-A: ((LENGTH . COMPONENTS) . MODIFICATION-FUNC) 199 Form-A: ((LENGTH . COMPONENTS) . MODIFICATION-FUNC)
190 or 200 or
@@ -320,18 +330,24 @@ get_composition_id (EMACS_INT charpos, EMACS_INT bytepos, EMACS_INT nchars,
320 /* Register the composition in composition_hash_table. */ 330 /* Register the composition in composition_hash_table. */
321 hash_index = hash_put (hash_table, key, id, hash_code); 331 hash_index = hash_put (hash_table, key, id, hash_code);
322 332
333 method = (NILP (components)
334 ? COMPOSITION_RELATIVE
335 : ((INTEGERP (components) || STRINGP (components))
336 ? COMPOSITION_WITH_ALTCHARS
337 : COMPOSITION_WITH_RULE_ALTCHARS));
338
339 glyph_len = (method == COMPOSITION_WITH_RULE_ALTCHARS
340 ? (ASIZE (key) + 1) / 2
341 : ASIZE (key));
342
343 if (glyph_len_max < glyph_len)
344 memory_full (SIZE_MAX);
345
323 /* Register the composition in composition_table. */ 346 /* Register the composition in composition_table. */
324 cmp = (struct composition *) xmalloc (sizeof (struct composition)); 347 cmp = (struct composition *) xmalloc (sizeof (struct composition));
325 348
326 cmp->method = (NILP (components) 349 cmp->method = method;
327 ? COMPOSITION_RELATIVE
328 : ((INTEGERP (components) || STRINGP (components))
329 ? COMPOSITION_WITH_ALTCHARS
330 : COMPOSITION_WITH_RULE_ALTCHARS));
331 cmp->hash_index = hash_index; 350 cmp->hash_index = hash_index;
332 glyph_len = (cmp->method == COMPOSITION_WITH_RULE_ALTCHARS
333 ? (ASIZE (key) + 1) / 2
334 : ASIZE (key));
335 cmp->glyph_len = glyph_len; 351 cmp->glyph_len = glyph_len;
336 cmp->offsets = (short *) xmalloc (sizeof (short) * glyph_len * 2); 352 cmp->offsets = (short *) xmalloc (sizeof (short) * glyph_len * 2);
337 cmp->font = NULL; 353 cmp->font = NULL;
generated by cgit v1.2.1 (git 2.18.0) at 2026-01-18 16:45:22 +0000