2011-07-28 Paul Eggert <eggert@cs.ucla.edu>
+ * ftfont.c: Check for size overflow.
+ (ftfont_get_open_type_spec, setup_otf_gstring, ftfont_shape_by_flt):
+ Check for integer overflow in size calculations.
+
* fringe.c (Fdefine_fringe_bitmap): Don't update size until alloc works.
* frame.h (struct frame): Use int, not EMACS_INT, where int works.
if (NILP (val))
continue;
len = Flength (val);
- spec->features[i] = malloc (sizeof (int) * XINT (len));
+ spec->features[i] =
+ (min (PTRDIFF_MAX, SIZE_MAX) / sizeof (int) < XINT (len)
+ ? 0
+ : malloc (sizeof (int) * XINT (len)));
if (! spec->features[i])
{
if (i > 0 && spec->features[0])
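Review bot: The overflow arm of the new conditional spells the null pointer as a bare `0` (the `? 0` line), and nothing says that an oversized list is deliberately routed into the existing `if (! spec->features[i])` failure path. Writing `? NULL` and putting a comment such as `/* A length whose byte count would overflow is treated like a failed malloc. */` above the assignment would make that intent visible. The comparison also mixes an unsigned quotient with the signed `XINT (len)`, which is safe only as long as `Flength` returns a non-negative count, so the same comment could state that assumption. The enclosing function starts and ends outside the hunk.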
static void
setup_otf_gstring (int size)
{
+ if (min (PTRDIFF_MAX, SIZE_MAX) / sizeof (OTF_Glyph) < size)
+ memory_full (SIZE_MAX);
+
if (otf_gstring.size == 0)
{
otf_gstring.glyphs = (OTF_Glyph *) xmalloc (sizeof (OTF_Glyph) * size);
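Review bot: The new guard in `setup_otf_gstring` compares an unsigned quotient with the signed parameter `int size`, so a negative `size` is caught only because the implicit conversion turns it into a very large unsigned value. Spelling the case out, `if (size < 0 || min (PTRDIFF_MAX, SIZE_MAX) / sizeof (OTF_Glyph) < size)`, should behave the same on platforms where the quotient has type `size_t`, and it no longer depends on the sign conversion. A one-line comment saying that the check protects the `sizeof (OTF_Glyph) * size` product passed to `xmalloc` just below would also help the next reader. The function body continues past the end of the hunk.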
struct MFLTFontFT flt_font_ft;
MFLT *flt = NULL;
int with_variation_selector = 0;
+ int allocated_max = min (INT_MAX,
+ min (PTRDIFF_MAX, SIZE_MAX) / sizeof (MFLTGlyph));
if (! m17n_flt_initialized)
{
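Review bot: `allocated_max` is declared without a comment, and the two later hunks test `allocated_max / 2` rather than the limit itself, so the reason for the halving is left to the reader. A comment on the declaration such as `/* Largest glyph count that fits in an int and whose byte size fits in ptrdiff_t and size_t. */`, plus a short remark at each `allocated_max / 2 <` check that it guards the doubling (`len * 2` and `gstring.allocated += gstring.allocated`), would document the invariant. The type and sign of `len` are not visible in these hunks; if it could be negative, the first check would not reject it, so that is worth confirming against the caller. The function begins before and ends after the hunks shown.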
}
}
+ if (allocated_max / 2 < len)
+ memory_full (SIZE_MAX);
+
if (gstring.allocated == 0)
{
gstring.allocated = len * 2;
int result = mflt_run (&gstring, 0, len, &flt_font_ft.flt_font, flt);
if (result != -2)
break;
+ if (allocated_max / 2 < gstring.allocated)
+ memory_full (SIZE_MAX);
gstring.allocated += gstring.allocated;
gstring.glyphs = xrealloc (gstring.glyphs,
sizeof (MFLTGlyph) * gstring.allocated);