From: YAMAMOTO Mitsuharu <mituharu@math.s.chiba-u.ac.jp>
Date: Sat, 6 Jul 2019 05:08:47 +0000 (+0900)
Subject: Avoid crash inside CFCharacterSetIsLongCharacterMember
X-Git-Tag: emacs-27.0.90~2099
X-Git-Url: http://git.eshelyaron.com/gitweb/?a=commitdiff_plain;h=0e15bd11dc058d5efcdcb16436c3d8cf240859f6;p=emacs.git

Avoid crash inside CFCharacterSetIsLongCharacterMember

* src/macfont.m (macfont_supports_charset_and_languages_p)
(macfont_has_char): Don't pass integers outside the Unicode codespace to
CFCharacterSetIsLongCharacterMember.
---

diff --git a/src/macfont.m b/src/macfont.m
index f736fbf0e1e..2b7f963fd61 100644
--- a/src/macfont.m
+++ b/src/macfont.m
@@ -2076,7 +2076,7 @@ macfont_supports_charset_and_languages_p (CTFontDescriptorRef desc,
               ptrdiff_t j;
 
               for (j = 0; j < ASIZE (chars); j++)
-                if (TYPE_RANGED_FIXNUMP (UTF32Char, AREF (chars, j))
+                if (RANGED_FIXNUMP (0, AREF (chars, j), MAX_UNICODE_CHAR)
                     && CFCharacterSetIsLongCharacterMember (desc_charset,
                                                             XFIXNAT (AREF (chars, j))))
                   break;
@@ -2710,6 +2710,9 @@ macfont_has_char (Lisp_Object font, int c)
   int result;
   CFCharacterSetRef charset;
 
+  if (c < 0 || c > MAX_UNICODE_CHAR)
+    return false;
+
   block_input ();
   if (FONT_ENTITY_P (font))
     {