[pango] [HB] Add note about auditing sanitize code for overflows



commit 578e321d3b5a08b86e6f1576f09973a94924e448
Author: Behdad Esfahbod <behdad behdad org>
Date:   Fri Aug 14 16:12:22 2009 -0400

    [HB] Add note about auditing sanitize code for overflows

 pango/opentype/TODO                         |    1 +
 pango/opentype/hb-ot-layout-gpos-private.hh |    2 +-
 2 files changed, 2 insertions(+), 1 deletions(-)
---
diff --git a/pango/opentype/TODO b/pango/opentype/TODO
index d2b067d..54560aa 100644
--- a/pango/opentype/TODO
+++ b/pango/opentype/TODO
@@ -3,3 +3,4 @@
 - cmap14 support in get_glyph callback
 - size_t?
 - Figure out compiler selection (add test for link to libstdc++)
+- Audit sanitize for int overflows
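Review bot: The new TODO entry "Audit sanitize for int overflows" does not say what pattern the audit should look for or when it is finished. Suggest naming the case this commit flags, size arguments to SANITIZE_MEM built by multiplying counts read from the font (as in PairPosFormat2), so the item can be worked through call site by call site and closed.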
diff --git a/pango/opentype/hb-ot-layout-gpos-private.hh b/pango/opentype/hb-ot-layout-gpos-private.hh
index e357b01..6b20716 100644
--- a/pango/opentype/hb-ot-layout-gpos-private.hh
+++ b/pango/opentype/hb-ot-layout-gpos-private.hh
@@ -565,7 +565,7 @@ struct PairPosFormat2
 	   SANITIZE_THIS2 (classDef1, classDef2) &&
 	   SANITIZE_MEM (values,
 			 (valueFormat1.get_size () + valueFormat2.get_size ()) *
-			 class1Count * class2Count);
+			 class1Count * class2Count); /* XXX overflow (in other places too) */
   }
 
   private:
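Review bot: The size argument to SANITIZE_MEM in PairPosFormat2 is still computed unchecked; the added XXX comment marks the overflow but leaves it in place. If the product (valueFormat1.get_size () + valueFormat2.get_size ()) * class1Count * class2Count wraps in the integer type it is evaluated in, SANITIZE_MEM validates a shorter range than the values array the two class counts describe, and the check can succeed on a table that does not fit in the blob. Suggest rejecting the table before each multiplication when the operand would exceed the type's maximum divided by the other factor, or evaluating the product in a wider type and comparing that against the remaining length. Putting the check in one shared helper would let the "other places too" sites get the same treatment instead of separate comments.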


