From 895759096309e7ce97c6fb019381b000df7d8e34 Mon Sep 17 00:00:00 2001
From: Matthias Clasen <mclasen@redhat.com>
Date: Sat, 23 Jan 2021 19:53:12 -0500
Subject: Avoid overflow when updating attr lists

Avoid overflow when updating the end_index of
attributes in pango_attr_list_update. This is
a real risk, because end_index is commonly set
to G_MAXUINT to mean 'until the very end'.

Test included.

Fixes: #455
---
 pango/pango-attributes.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/pango/pango-attributes.c b/pango/pango-attributes.c
index 38a41517..3ef76a70 100644
--- a/pango/pango-attributes.c
+++ b/pango/pango-attributes.c
@@ -1733,7 +1733,10 @@ pango_attr_list_update (PangoAttrList *list,
           }
         else if (attr->end_index >= pos + remove)
           {
-            attr->end_index += add - remove;
+            if (G_MAXUINT - attr->end_index < add - remove)
+              attr->end_index = G_MAXUINT;
+            else
+              attr->end_index += add - remove;
           }
       }
 }
-- 
cgit v1.2.1