HB_INTERNAL HB_Pointer _hb_realloc( HB_Pointer block, HB_UInt new_size, HB_Error *perror_ ); typedef unsigned int HB_UInt;
Committed to pango: commit caaa5d09e10d4fe01ef986c9a95826c3cbb13cfa Author: Behdad Esfahbod <firstname.lastname@example.org> Date: Mon Mar 2 14:20:20 2009 +0330 [opentype] Use size_t instead of uint for malloc wrappers Though the macros still do multiplication without checking for overflow. I don't expect it to be a major issue though as most (all?) numbers coming from the font file are 16-bit ints.
Thanks, Behdad. My concern was HB_Buffer, which Pango uses with string lengths. But callers of hb_buffer_ensure seem to only ever increment the buffer by what can be stored in an HB_UShort, so allocation should fail, limiting the length of the buffer, before size_t multiplication overflow occurs, even on 32-bit systems.
Assignee: nobody → mozilla
Status: NEW → RESOLVED
Last Resolved: 10 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.