diff options
| author | Behdad Esfahbod <behdad@behdad.org> | 2009-03-02 12:00:52 +0330 |
|---|---|---|
| committer | Behdad Esfahbod <behdad@behdad.org> | 2009-03-02 12:00:52 +0330 |
| commit | 4de30e5500eaeb49f4bf0b7a07f718e149a2ed5e (patch) | |
| tree | 6fba4877ead0444a1621bf70f2df525f391d3413 /pango/glyphstring.c | |
| parent | 1c9433bfe43890b102c8cead8ab3ee34b44c5c37 (diff) | |
| download | pango-4de30e5500eaeb49f4bf0b7a07f718e149a2ed5e.tar.gz | |
[glyphstring] Handle overflow with very long glyphstrings
Diffstat (limited to 'pango/glyphstring.c')
| -rw-r--r-- | pango/glyphstring.c | 26 |
1 files changed, 20 insertions, 6 deletions
diff --git a/pango/glyphstring.c b/pango/glyphstring.c index 42601d52..8fb70313 100644 --- a/pango/glyphstring.c +++ b/pango/glyphstring.c @@ -61,14 +61,28 @@ pango_glyph_string_set_size (PangoGlyphString *string, gint new_len) while (new_len > string->space) { if (string->space == 0) - string->space = 1; + { + string->space = 4; + } else - string->space *= 2; - - if (string->space < 0) { - g_warning ("glyph string length overflows maximum integer size, truncated"); - new_len = string->space = G_MAXINT - 8; + const guint max_space = + MIN (G_MAXINT, G_MAXSIZE / MAX (sizeof(PangoGlyphInfo), sizeof(gint))); + + guint more_space = (guint)string->space * 2; + + if (more_space > max_space) + { + more_space = max_space; + + if ((guint)new_len > max_space) + { + g_error ("%s: failed to allocate glyph string of length %i\n", + G_STRLOC, new_len); + } + } + + string->space = more_space; } } |