summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorBehdad Esfahbod <behdad@behdad.org>2013-08-27 11:44:09 -0400
committerBehdad Esfahbod <behdad@behdad.org>2013-08-27 11:46:07 -0400
commit38b8b40526a85f33521542e24d1e0c82588efc85 (patch)
tree94d59eeacd4d68ac94925456638c6359d2ae7a60
parentd22548c0e362cc9447557440af9ecbb11badfa78 (diff)
Fix possible snprintf OOM
https://bugzilla.redhat.com/show_bug.cgi?id=1001645
Diffstat
-rw-r--r--src/hb-buffer-serialize.cc14
-rw-r--r--src/hb-font-private.hh3
-rw-r--r--src/hb-shape.cc6
3 files changed, 12 insertions, 11 deletions
diff --git a/src/hb-buffer-serialize.cc b/src/hb-buffer-serialize.cc
index dc47ba73..eac69000 100644
--- a/src/hb-buffer-serialize.cc
+++ b/src/hb-buffer-serialize.cc
@@ -100,10 +100,10 @@ _hb_buffer_serialize_glyphs_json (hb_buffer_t *buffer,
*p++ = '"';
}
else
- p += snprintf (p, ARRAY_LENGTH (b) - (p - b), "%u", info[i].codepoint);
+ p += MAX (0, snprintf (p, ARRAY_LENGTH (b) - (p - b), "%u", info[i].codepoint));
if (!(flags & HB_BUFFER_SERIALIZE_FLAG_NO_CLUSTERS)) {
- p += snprintf (p, ARRAY_LENGTH (b) - (p - b), ",\"cl\":%u", info[i].cluster);
+ p += MAX (0, snprintf (p, ARRAY_LENGTH (b) - (p - b), ",\"cl\":%u", info[i].cluster));
}
if (!(flags & HB_BUFFER_SERIALIZE_FLAG_NO_POSITIONS))
@@ -161,21 +161,21 @@ _hb_buffer_serialize_glyphs_text (hb_buffer_t *buffer,
p += strlen (p);
}
else
- p += snprintf (p, ARRAY_LENGTH (b) - (p - b), "%u", info[i].codepoint);
+ p += MAX (0, snprintf (p, ARRAY_LENGTH (b) - (p - b), "%u", info[i].codepoint));
if (!(flags & HB_BUFFER_SERIALIZE_FLAG_NO_CLUSTERS)) {
- p += snprintf (p, ARRAY_LENGTH (b) - (p - b), "=%u", info[i].cluster);
+ p += MAX (0, snprintf (p, ARRAY_LENGTH (b) - (p - b), "=%u", info[i].cluster));
}
if (!(flags & HB_BUFFER_SERIALIZE_FLAG_NO_POSITIONS))
{
if (pos[i].x_offset || pos[i].y_offset)
- p += snprintf (p, ARRAY_LENGTH (b) - (p - b), "@%d,%d", pos[i].x_offset, pos[i].y_offset);
+ p += MAX (0, snprintf (p, ARRAY_LENGTH (b) - (p - b), "@%d,%d", pos[i].x_offset, pos[i].y_offset));
*p++ = '+';
- p += snprintf (p, ARRAY_LENGTH (b) - (p - b), "%d", pos[i].x_advance);
+ p += MAX (0, snprintf (p, ARRAY_LENGTH (b) - (p - b), "%d", pos[i].x_advance));
if (pos->y_advance)
- p += snprintf (p, ARRAY_LENGTH (b) - (p - b), ",%d", pos[i].y_advance);
+ p += MAX (0, snprintf (p, ARRAY_LENGTH (b) - (p - b), ",%d", pos[i].y_advance));
}
if (buf_size > (p - b))
diff --git a/src/hb-font-private.hh b/src/hb-font-private.hh
index acea1d72..2b9b544d 100644
--- a/src/hb-font-private.hh
+++ b/src/hb-font-private.hh
@@ -426,7 +426,8 @@ struct hb_font_t {
{
if (get_glyph_name (glyph, s, size)) return;
- snprintf (s, size, "gid%u", glyph);
+ if (size && snprintf (s, size, "gid%u", glyph) < 0)
+ *s = '\0';
}
/* Parses gidDDD and uniUUUU strings automatically. */
diff --git a/src/hb-shape.cc b/src/hb-shape.cc
index c28fdfa2..80d8c130 100644
--- a/src/hb-shape.cc
+++ b/src/hb-shape.cc
@@ -181,18 +181,18 @@ hb_feature_to_string (hb_feature_t *feature,
{
s[len++] = '[';
if (feature->start)
- len += snprintf (s + len, ARRAY_LENGTH (s) - len, "%d", feature->start);
+ len += MAX (0, snprintf (s + len, ARRAY_LENGTH (s) - len, "%d", feature->start));
if (feature->end != feature->start + 1) {
s[len++] = ':';
if (feature->end != (unsigned int) -1)
- len += snprintf (s + len, ARRAY_LENGTH (s) - len, "%d", feature->end);
+ len += MAX (0, snprintf (s + len, ARRAY_LENGTH (s) - len, "%d", feature->end));
}
s[len++] = ']';
}
if (feature->value > 1)
{
s[len++] = '=';
- len += snprintf (s + len, ARRAY_LENGTH (s) - len, "%d", feature->value);
+ len += MAX (0, snprintf (s + len, ARRAY_LENGTH (s) - len, "%d", feature->value));
}
assert (len < ARRAY_LENGTH (s));
len = MIN (len, size - 1);
generated by cgit v1.2.3 (git 2.39.1) at 2024-06-14 18:28:55 +0000