[pango/attr-list-overflow: 2/2] Avoid overflow when updating attr lists

From: Matthias Clasen <matthiasc src gnome org>
To: commits-list gnome org
Cc:
Subject: [pango/attr-list-overflow: 2/2] Avoid overflow when updating attr lists
Date: Sun, 24 Jan 2021 00:54:41 +0000 (UTC)


commit 895759096309e7ce97c6fb019381b000df7d8e34
Author: Matthias Clasen <mclasen redhat com>
Date:   Sat Jan 23 19:53:12 2021 -0500

    Avoid overflow when updating attr lists
    
    Avoid overflow when updating the end_index of
    attributes in pango_attr_list_update. This is
    a real risk, because end_index is commonly set
    to G_MAXUINT to mean 'until the very end'.
    
    Test included.
    
    Fixes: #455

 pango/pango-attributes.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
---
diff --git a/pango/pango-attributes.c b/pango/pango-attributes.c
index 38a41517..3ef76a70 100644
--- a/pango/pango-attributes.c
+++ b/pango/pango-attributes.c
@@ -1733,7 +1733,10 @@ pango_attr_list_update (PangoAttrList *list,
           }
         else if (attr->end_index >= pos + remove)
           {
-            attr->end_index += add - remove;
+            if (G_MAXUINT - attr->end_index < add - remove)
+              attr->end_index = G_MAXUINT;
+            else
+              attr->end_index += add - remove;
           }
       }
 }

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]