Fix possible snprintf OOM

https://bugzilla.redhat.com/show_bug.cgi?id=1001645
Behdad Esfahbod 2013-08-27 11:44:09 -04:00
parent d22548c0e3
commit 38b8b40526
3 changed files with 12 additions and 11 deletions


@ -100,10 +100,10 @@ _hb_buffer_serialize_glyphs_json (hb_buffer_t *buffer,
*p++ = '"';
}
else
p += snprintf (p, ARRAY_LENGTH (b) - (p - b), "%u", info[i].codepoint);
p += MAX (0, snprintf (p, ARRAY_LENGTH (b) - (p - b), "%u", info[i].codepoint));
if (!(flags & HB_BUFFER_SERIALIZE_FLAG_NO_CLUSTERS)) {
p += snprintf (p, ARRAY_LENGTH (b) - (p - b), ",\"cl\":%u", info[i].cluster);
p += MAX (0, snprintf (p, ARRAY_LENGTH (b) - (p - b), ",\"cl\":%u", info[i].cluster));
}
if (!(flags & HB_BUFFER_SERIALIZE_FLAG_NO_POSITIONS))
@ -161,21 +161,21 @@ _hb_buffer_serialize_glyphs_text (hb_buffer_t *buffer,
p += strlen (p);
}
else
p += snprintf (p, ARRAY_LENGTH (b) - (p - b), "%u", info[i].codepoint);
p += MAX (0, snprintf (p, ARRAY_LENGTH (b) - (p - b), "%u", info[i].codepoint));
if (!(flags & HB_BUFFER_SERIALIZE_FLAG_NO_CLUSTERS)) {
p += snprintf (p, ARRAY_LENGTH (b) - (p - b), "=%u", info[i].cluster);
p += MAX (0, snprintf (p, ARRAY_LENGTH (b) - (p - b), "=%u", info[i].cluster));
}
if (!(flags & HB_BUFFER_SERIALIZE_FLAG_NO_POSITIONS))
{
if (pos[i].x_offset || pos[i].y_offset)
p += snprintf (p, ARRAY_LENGTH (b) - (p - b), "@%d,%d", pos[i].x_offset, pos[i].y_offset);
p += MAX (0, snprintf (p, ARRAY_LENGTH (b) - (p - b), "@%d,%d", pos[i].x_offset, pos[i].y_offset));
*p++ = '+';
p += snprintf (p, ARRAY_LENGTH (b) - (p - b), "%d", pos[i].x_advance);
p += MAX (0, snprintf (p, ARRAY_LENGTH (b) - (p - b), "%d", pos[i].x_advance));
if (pos->y_advance)
p += snprintf (p, ARRAY_LENGTH (b) - (p - b), ",%d", pos[i].y_advance);
p += MAX (0, snprintf (p, ARRAY_LENGTH (b) - (p - b), ",%d", pos[i].y_advance));
}
if (buf_size > (p - b))
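Review bot: `MAX (0, …)` only guards the negative return; snprintf also returns the length it would have written when the output is truncated, so `p` can still move past the end of `b`, and the next `ARRAY_LENGTH (b) - (p - b)` then goes negative or wraps. The unconditional `*p++ = '+';` between the calls writes with no bound check at all. Unless `b` (declared outside these hunks) is provably sized for the worst case, the advance should be capped at the space that remains, for example through one small helper that returns `n < 0 ? 0 : MIN (n, room - 1)` (with a guard for `room == 0`) and is used at every call site here. The `len +=` sites in hb_feature_to_string have the same shape and rely on an `assert` that runs only after the writes. Separately, `if (pos->y_advance)` tests element 0 while the line under it prints `pos[i].y_advance`, which looks like it should be `if (pos[i].y_advance)`.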


@ -426,7 +426,8 @@ struct hb_font_t {
{
if (get_glyph_name (glyph, s, size)) return;
snprintf (s, size, "gid%u", glyph);
if (size && snprintf (s, size, "gid%u", glyph) < 0)
*s = '\0';
}
/* Parses gidDDD and uniUUUU strings automatically. */
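Review bot: Truncation is still treated as success in the new `if (size && snprintf (...) < 0)` check: when `size` is too small for the full name, snprintf leaves a shortened string such as `gid12` for a larger glyph id. The comment below says `gidDDD` strings are parsed back automatically, so a round trip could resolve to a different glyph. If callers feed this output back into the parser, consider clearing the buffer on truncation as well, e.g. keep the return value in `int n` and test `if (n < 0 || (unsigned int) n >= size) *s = '\0';`. A one-line comment stating that `s` is left untouched when `size` is 0 would also help. The enclosing method starts outside the hunk, so the types of `s` and `size` are assumed from usage.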


@ -181,18 +181,18 @@ hb_feature_to_string (hb_feature_t *feature,
{
s[len++] = '[';
if (feature->start)
len += snprintf (s + len, ARRAY_LENGTH (s) - len, "%d", feature->start);
len += MAX (0, snprintf (s + len, ARRAY_LENGTH (s) - len, "%d", feature->start));
if (feature->end != feature->start + 1) {
s[len++] = ':';
if (feature->end != (unsigned int) -1)
len += snprintf (s + len, ARRAY_LENGTH (s) - len, "%d", feature->end);
len += MAX (0, snprintf (s + len, ARRAY_LENGTH (s) - len, "%d", feature->end));
}
s[len++] = ']';
}
if (feature->value > 1)
{
s[len++] = '=';
len += snprintf (s + len, ARRAY_LENGTH (s) - len, "%d", feature->value);
len += MAX (0, snprintf (s + len, ARRAY_LENGTH (s) - len, "%d", feature->value));
}
assert (len < ARRAY_LENGTH (s));
len = MIN (len, size - 1);
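Review bot: The three fields are still printed with `%d`, although `feature->end` is compared against `(unsigned int) -1` just above, which suggests they are unsigned. A value above INT_MAX would then be rendered as a negative number and would not read back as the same range. `%u` matches the comparison, e.g. `snprintf (s + len, ARRAY_LENGTH (s) - len, "%u", feature->end)`, and the same for `start` and `value` if they share the type. Also, `size - 1` on the last line wraps if `size` is 0 and unsigned; the hunk does not show whether the function rejects that case earlier, so it is worth confirming.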