diff options
Diffstat (limited to 'libXfont/src/fontfile')
-rw-r--r-- | libXfont/src/fontfile/dirfile.c | 4 | ||||
-rw-r--r-- | libXfont/src/fontfile/fontdir.c | 5 |
2 files changed, 9 insertions, 0 deletions
diff --git a/libXfont/src/fontfile/dirfile.c b/libXfont/src/fontfile/dirfile.c index c8aff6f4f..789fde5ff 100644 --- a/libXfont/src/fontfile/dirfile.c +++ b/libXfont/src/fontfile/dirfile.c @@ -42,6 +42,7 @@ in this Software without prior written authorization from The Open Group. #include <sys/types.h> #include <sys/stat.h> #include <errno.h> +#include <limits.h> static Bool AddFileNameAliases ( FontDirectoryPtr dir ); static int ReadFontAlias ( char *directory, Bool isFile, @@ -374,6 +375,9 @@ lexAlias(FILE *file, char **lexToken) int nsize; char *nbuf; + if (tokenSize >= (INT_MAX >> 2)) + /* Stop before we overflow */ + return EALLOC; nsize = tokenSize ? (tokenSize << 1) : 64; nbuf = realloc(tokenBuf, nsize); if (!nbuf) diff --git a/libXfont/src/fontfile/fontdir.c b/libXfont/src/fontfile/fontdir.c index 97b2ba3b1..ce1595c8b 100644 --- a/libXfont/src/fontfile/fontdir.c +++ b/libXfont/src/fontfile/fontdir.c @@ -177,6 +177,11 @@ FontFileAddEntry(FontTablePtr table, FontEntryPtr prototype) if (table->sorted) return (FontEntryPtr) 0; /* "cannot" happen */ if (table->used == table->size) { + if (table->size >= ((INT32_MAX / sizeof(FontEntryRec)) - 100)) + /* If we've read so many entries we're going to ask for 2gb + or more of memory, something is so wrong with this font + directory that we should just give up before we overflow. */ + return NULL; newsize = table->size + 100; entry = realloc(table->entries, newsize * sizeof(FontEntryRec)); if (!entry) |