authorwm4 <wm4@nowhere>2014-11-14 20:19:34 +0100
committerwm4 <wm4@nowhere>2014-11-14 20:35:31 +0100
commit65207f1ce43242c4ec004b92fee4aef16b4c31ec (patch)
tree2286088a531df51d7b02dcd91c626dbbbb04f3ce
parentf2788e6a61e7c2c2d7122f8a90812f55a9958f76 (diff)
Check some allocations in strike-through code
-rw-r--r--libass/ass_font.c15
1 files changed, 10 insertions, 5 deletions
diff --git a/libass/ass_font.c b/libass/ass_font.c
index 6e2f400..69675c6 100644
--- a/libass/ass_font.c
+++ b/libass/ass_font.c
@@ -345,12 +345,17 @@ static int ass_strike_outline_glyph(FT_Face face, ASS_Font *font,
// Grow outline
i = (under ? 4 : 0) + (through ? 4 : 0);
- ol->points = realloc(ol->points, sizeof(FT_Vector) *
- (ol->n_points + i));
- ol->tags = realloc(ol->tags, ol->n_points + i);
+ if (ol->n_points > SHRT_MAX - i)
+ return 0;
+ if (!ASS_REALLOC_ARRAY(ol->points, ol->n_points + i))
+ return 0;
+ if (!ASS_REALLOC_ARRAY(ol->tags, ol->n_points + i))
+ return 0;
i = !!under + !!through;
- ol->contours = realloc(ol->contours, sizeof(short) *
- (ol->n_contours + i));
+ if (ol->n_contours > SHRT_MAX - i)
+ return 0;
+ if (!ASS_REALLOC_ARRAY(ol->contours, ol->n_contours + i))
+ return 0;
// If the bearing is negative, the glyph starts left of the current
// pen position
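Review bot: The new `return 0;` paths after each `ASS_REALLOC_ARRAY` call leave a usable outline only if the macro keeps the old pointer in place when reallocation fails. Its definition is outside this hunk, so that should be confirmed: a NULL left in `ol->points` or `ol->tags` while `n_points` is still non-zero would presumably be dereferenced by whatever processes the outline next. The counts are not modified before these returns in the visible lines, so a short comment would make the invariant explicit: `// On failure n_points/n_contours are unchanged, so the outline stays valid, just without the strike.` The diffstat shows this is the only hunk in the commit, so no `#include <limits.h>` is added for `SHRT_MAX`; check that it is already in scope in ass_font.c. The body of `ass_strike_outline_glyph` starts and ends outside the hunk.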