diff options
| author | Matthias Clasen <mclasen@redhat.com> | 2021-01-23 19:53:12 -0500 |
|---|---|---|
| committer | Matthias Clasen <mclasen@redhat.com> | 2021-01-23 19:53:12 -0500 |
| commit | 895759096309e7ce97c6fb019381b000df7d8e34 (patch) | |
| tree | ee74c3e7ad2fcbe63fea5b415baba268bc0103b0 | |
| parent | b5031e6e57c9462097db5c58f3a2f6293e9625ff (diff) | |
| download | pango-attr-list-overflow.tar.gz | |
Avoid overflow when updating attr listsattr-list-overflow
Avoid overflow when updating the end_index of
attributes in pango_attr_list_update. This is
a real risk, because end_index is commonly set
to G_MAXUINT to mean 'until the very end'.
Test included.
Fixes: #455
| -rw-r--r-- | pango/pango-attributes.c | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/pango/pango-attributes.c b/pango/pango-attributes.c index 38a41517..3ef76a70 100644 --- a/pango/pango-attributes.c +++ b/pango/pango-attributes.c @@ -1733,7 +1733,10 @@ pango_attr_list_update (PangoAttrList *list, } else if (attr->end_index >= pos + remove) { - attr->end_index += add - remove; + if (G_MAXUINT - attr->end_index < add - remove) + attr->end_index = G_MAXUINT; + else + attr->end_index += add - remove; } } } |