Fix possible snprintf OOM
https://bugzilla.redhat.com/show_bug.cgi?id=1001645
parent
d22548c0e3
commit
38b8b40526
|
@ -100,10 +100,10 @@ _hb_buffer_serialize_glyphs_json (hb_buffer_t *buffer,
|
||||||
*p++ = '"';
|
*p++ = '"';
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
p += snprintf (p, ARRAY_LENGTH (b) - (p - b), "%u", info[i].codepoint);
|
p += MAX (0, snprintf (p, ARRAY_LENGTH (b) - (p - b), "%u", info[i].codepoint));
|
||||||
|
|
||||||
if (!(flags & HB_BUFFER_SERIALIZE_FLAG_NO_CLUSTERS)) {
|
if (!(flags & HB_BUFFER_SERIALIZE_FLAG_NO_CLUSTERS)) {
|
||||||
p += snprintf (p, ARRAY_LENGTH (b) - (p - b), ",\"cl\":%u", info[i].cluster);
|
p += MAX (0, snprintf (p, ARRAY_LENGTH (b) - (p - b), ",\"cl\":%u", info[i].cluster));
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!(flags & HB_BUFFER_SERIALIZE_FLAG_NO_POSITIONS))
|
if (!(flags & HB_BUFFER_SERIALIZE_FLAG_NO_POSITIONS))
|
||||||
|
@ -161,21 +161,21 @@ _hb_buffer_serialize_glyphs_text (hb_buffer_t *buffer,
|
||||||
p += strlen (p);
|
p += strlen (p);
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
p += snprintf (p, ARRAY_LENGTH (b) - (p - b), "%u", info[i].codepoint);
|
p += MAX (0, snprintf (p, ARRAY_LENGTH (b) - (p - b), "%u", info[i].codepoint));
|
||||||
|
|
||||||
if (!(flags & HB_BUFFER_SERIALIZE_FLAG_NO_CLUSTERS)) {
|
if (!(flags & HB_BUFFER_SERIALIZE_FLAG_NO_CLUSTERS)) {
|
||||||
p += snprintf (p, ARRAY_LENGTH (b) - (p - b), "=%u", info[i].cluster);
|
p += MAX (0, snprintf (p, ARRAY_LENGTH (b) - (p - b), "=%u", info[i].cluster));
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!(flags & HB_BUFFER_SERIALIZE_FLAG_NO_POSITIONS))
|
if (!(flags & HB_BUFFER_SERIALIZE_FLAG_NO_POSITIONS))
|
||||||
{
|
{
|
||||||
if (pos[i].x_offset || pos[i].y_offset)
|
if (pos[i].x_offset || pos[i].y_offset)
|
||||||
p += snprintf (p, ARRAY_LENGTH (b) - (p - b), "@%d,%d", pos[i].x_offset, pos[i].y_offset);
|
p += MAX (0, snprintf (p, ARRAY_LENGTH (b) - (p - b), "@%d,%d", pos[i].x_offset, pos[i].y_offset));
|
||||||
|
|
||||||
*p++ = '+';
|
*p++ = '+';
|
||||||
p += snprintf (p, ARRAY_LENGTH (b) - (p - b), "%d", pos[i].x_advance);
|
p += MAX (0, snprintf (p, ARRAY_LENGTH (b) - (p - b), "%d", pos[i].x_advance));
|
||||||
if (pos->y_advance)
|
if (pos->y_advance)
|
||||||
p += snprintf (p, ARRAY_LENGTH (b) - (p - b), ",%d", pos[i].y_advance);
|
p += MAX (0, snprintf (p, ARRAY_LENGTH (b) - (p - b), ",%d", pos[i].y_advance));
|
||||||
}
|
}
|
||||||
|
|
||||||
if (buf_size > (p - b))
|
if (buf_size > (p - b))
|
||||||
|
|
|
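Review bot: A truncated `snprintf` is still not handled: `MAX (0, …)` clamps only a negative return, so in both serializer hunks of this section `p` advances by the length that would have been written and can end up past the end of `b`. After that, `ARRAY_LENGTH (b) - (p - b)` is negative, which becomes a very large bound if it is converted to `size_t`, and the `*p++ = '+'` style writes in between are not bounded at all. Unless code outside these hunks guarantees that one glyph's output always fits in `b`, cap the advance at the space remaining as well, ideally in one helper shared with the `len += MAX (0, snprintf (s + len, …))` lines in `hb_feature_to_string`, whose only upper check is an `assert`. Separately, `if (pos->y_advance)` tests element 0 while the line below it prints `pos[i].y_advance`; `if (pos[i].y_advance)` looks like what was meant. Both function bodies start and end outside the hunks.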
@ -426,7 +426,8 @@ struct hb_font_t {
|
||||||
{
|
{
|
||||||
if (get_glyph_name (glyph, s, size)) return;
|
if (get_glyph_name (glyph, s, size)) return;
|
||||||
|
|
||||||
snprintf (s, size, "gid%u", glyph);
|
if (size && snprintf (s, size, "gid%u", glyph) < 0)
|
||||||
|
*s = '\0';
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Parses gidDDD and uniUUUU strings automatically. */
|
/* Parses gidDDD and uniUUUU strings automatically. */
|
||||||
|
|
|
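Review bot: The fallback still truncates silently: with a small `size`, `snprintf (s, size, "gid%u", glyph)` leaves a shorter but well-formed name (for example `gid12` for glyph 12345), and the comment just below says `gidDDD` strings are parsed back, so a truncated name could resolve to a different glyph. Nothing on this path tells the caller that it happened. Consider treating a return value `>= size` like the error case and clearing `*s`, or at least documenting the requirement with a comment such as `/* s must hold "gid", ten digits and the NUL, else the name is truncated. */`. The method's signature is outside the hunk.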
@ -181,18 +181,18 @@ hb_feature_to_string (hb_feature_t *feature,
|
||||||
{
|
{
|
||||||
s[len++] = '[';
|
s[len++] = '[';
|
||||||
if (feature->start)
|
if (feature->start)
|
||||||
len += snprintf (s + len, ARRAY_LENGTH (s) - len, "%d", feature->start);
|
len += MAX (0, snprintf (s + len, ARRAY_LENGTH (s) - len, "%d", feature->start));
|
||||||
if (feature->end != feature->start + 1) {
|
if (feature->end != feature->start + 1) {
|
||||||
s[len++] = ':';
|
s[len++] = ':';
|
||||||
if (feature->end != (unsigned int) -1)
|
if (feature->end != (unsigned int) -1)
|
||||||
len += snprintf (s + len, ARRAY_LENGTH (s) - len, "%d", feature->end);
|
len += MAX (0, snprintf (s + len, ARRAY_LENGTH (s) - len, "%d", feature->end));
|
||||||
}
|
}
|
||||||
s[len++] = ']';
|
s[len++] = ']';
|
||||||
}
|
}
|
||||||
if (feature->value > 1)
|
if (feature->value > 1)
|
||||||
{
|
{
|
||||||
s[len++] = '=';
|
s[len++] = '=';
|
||||||
len += snprintf (s + len, ARRAY_LENGTH (s) - len, "%d", feature->value);
|
len += MAX (0, snprintf (s + len, ARRAY_LENGTH (s) - len, "%d", feature->value));
|
||||||
}
|
}
|
||||||
assert (len < ARRAY_LENGTH (s));
|
assert (len < ARRAY_LENGTH (s));
|
||||||
len = MIN (len, size - 1);
|
len = MIN (len, size - 1);
|
||||||
|
|
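Review bot: `len = MIN (len, size - 1)` wraps when `size` is 0 if `size` is unsigned, which leaves `len` unclamped, so whatever copy follows this line would use the full length against an empty caller buffer. The signature and the start of the body are outside the hunk, so an earlier zero check may already exist; if it does not, an early return for `size == 0` before any output is built would close this. A smaller point on the same lines: `feature->end` is compared with `(unsigned int) -1` but printed with `%d`, so `%u` would match the apparent type and keep large values from printing as negative numbers.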