walkero
/
harfbuzz
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

[subset] Add table size blowup bound 

Fixes https://github.com/harfbuzz/harfbuzz/issues/3091
This commit is contained in:
Behdad Esfahbod 2022-07-13 15:32:19 -06:00
parent 4b3afafb00
commit ac216972ab
1 changed files with 6 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
src/hb-subset.cc
View File

@ -242,10 +242,15 @@ _try_subset (const TableType *table,
unsigned buf_size = buf->allocated;
buf_size = buf_size * 2 + 16;
DEBUG_MSG (SUBSET, nullptr, "OT::%c%c%c%c ran out of room; reallocating to %u bytes.",
HB_UNTAG (c->table_tag), buf_size);
if (unlikely (!buf->alloc (buf_size)))
if (unlikely (buf_size > c->source_blob->length * 16 ||
!buf->alloc (buf_size)))
{
DEBUG_MSG (SUBSET, nullptr, "OT::%c%c%c%c failed to reallocate %u bytes.",
HB_UNTAG (c->table_tag), buf_size);