Fix possible overflow

2011-02-28 10:13:52 -08:00 · 2011-02-28 10:13:52 -08:00 · b5dd44e246
commit b5dd44e246
parent a4b781e93a
1 changed files with 10 additions and 2 deletions
--- a/src/hb-buffer.cc
+++ b/src/hb-buffer.cc
@ -73,8 +73,16 @@ _hb_buffer_enlarge (hb_buffer_t *buffer, unsigned int size)
  while (size > new_allocated)
    new_allocated += (new_allocated >> 1) + 8;

-  new_pos = (hb_glyph_position_t *) realloc (buffer->pos, new_allocated * sizeof (buffer->pos[0]));
-  new_info = (hb_glyph_info_t *) realloc (buffer->info, new_allocated * sizeof (buffer->info[0]));
+  ASSERT_STATIC (sizeof (buffer->info[0]) == sizeof (buffer->pos[0]));
+  bool overflows = new_allocated >= ((unsigned int) -1) / sizeof (buffer->info[0]);
+
+  if (unlikely (overflows)) {
+    new_pos = NULL;
+    new_info = NULL;
+  } else {
+    new_pos = (hb_glyph_position_t *) realloc (buffer->pos, new_allocated * sizeof (buffer->pos[0]));
+    new_info = (hb_glyph_info_t *) realloc (buffer->info, new_allocated * sizeof (buffer->info[0]));
+  }

  if (unlikely (!new_pos || !new_info))
    buffer->in_error = TRUE;