author | Eli Zaretskii <eliz@gnu.org> | 2016-04-01 12:47:29 +0300 |
---|---|---|
committer | Eli Zaretskii <eliz@gnu.org> | 2016-04-01 12:47:29 +0300 |
commit | b3b523cdd66c53677c39f743a18e4c180c2ec248 (patch) | |
tree | 9d23902ef39aefc257d90fecb04799d0517a5600 | |
parent | a3daa34336da158555d96d670077eedb9eaeeb9c (diff) |
Avoid crashes due to insanely large columns in tabulated-list-format
* src/xdisp.c (append_stretch_glyph, produce_xwidget_glyph)
(produce_image_glyph): Limit the pixel width of the produced glyph
to SHRT_MAX. (Bug#23178)
(append_composite_glyph, append_glyph, append_glyphless_glyph):
Add assertions to verify that the pixel width of the glyph will
never overflow a 'short'.
* src/term.c (append_composite_glyph): Add assertion to verify
that the pixel width of the glyph will never overflow a 'short'.
-rw-r--r-- | src/term.c | 1 | ||||
-rw-r--r-- | src/xdisp.c | 11 |
2 files changed, 9 insertions, 3 deletions
diff --git a/src/term.c b/src/term.c
index a77e5729b5..4397210965 100644
--- a/src/term.c
+++ b/src/term.c
@@ -1676,6 +1676,7 @@ append_composite_glyph (struct it *it)
 glyph = it->glyph_row->glyphs[it->area];
 }
 glyph->type = COMPOSITE_GLYPH;
+ eassert (it->pixel_width <= SHRT_MAX);
 glyph->pixel_width = it->pixel_width;
 glyph->u.cmp.id = it->cmp_it.id;
 if (it->cmp_it.ch < 0)
diff --git a/src/xdisp.c b/src/xdisp.c
index 5be94f0cd0..cc2c951ce5 100644
--- a/src/xdisp.c
+++ b/src/xdisp.c
@@ -25828,6 +25828,7 @@ append_glyph (struct it *it)
 glyph->object = it->object;
 if (it->pixel_width > 0)
 {
+ eassert (it->pixel_width <= SHRT_MAX);
 glyph->pixel_width = it->pixel_width;
 glyph->padding_p = false;
 }
@@ -25908,6 +25909,7 @@ append_composite_glyph (struct it *it)
 }
 glyph->charpos = it->cmp_it.charpos;
 glyph->object = it->object;
+ eassert (it->pixel_width <= SHRT_MAX);
 glyph->pixel_width = it->pixel_width;
 glyph->ascent = it->ascent;
 glyph->descent = it->descent;
@@ -26117,7 +26119,7 @@ produce_image_glyph (struct it *it)
 {
 glyph->charpos = CHARPOS (it->position);
 glyph->object = it->object;
- glyph->pixel_width = it->pixel_width;
+ glyph->pixel_width = clip_to_bounds (-1, it->pixel_width, SHRT_MAX);
 glyph->ascent = glyph_ascent;
 glyph->descent = it->descent;
 glyph->voffset = it->voffset;
@@ -26221,7 +26223,7 @@ produce_xwidget_glyph (struct it *it)
 {
 glyph->charpos = CHARPOS (it->position);
 glyph->object = it->object;
- glyph->pixel_width = it->pixel_width;
+ glyph->pixel_width = clip_to_bounds (-1, it->pixel_width, SHRT_MAX);
 glyph->ascent = glyph_ascent;
 glyph->descent = it->descent;
 glyph->voffset = it->voffset;
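Review bot: The `eassert (it->pixel_width <= SHRT_MAX)` added in term.c's append_composite_glyph is, as far as I know, compiled out unless Emacs is built with ENABLE_CHECKING, so in an ordinary build the following `glyph->pixel_width = it->pixel_width;` still narrows silently if the value is too large. The same holds for the assertions added in append_glyph, in the xdisp.c append_composite_glyph and in append_glyphless_glyph. If an oversized width can reach these paths from buffer text or display properties, clamp as the image, xwidget and stretch hunks do: `glyph->pixel_width = clip_to_bounds (-1, it->pixel_width, SHRT_MAX);`. If it cannot, a short comment above each assertion naming where the width is bounded would record why an assertion is enough. All four function bodies start and end outside their hunks.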
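Review bot: In produce_image_glyph the stored width is clamped with `clip_to_bounds (-1, it->pixel_width, SHRT_MAX)` while `it->pixel_width` keeps the unclamped value, so the iterator and the glyph row can now disagree about how wide this glyph is. Whether later code relies on the two matching is not visible in the hunk. The lower bound of -1 is also unexplained. I would add a comment on the new line, for example `/* pixel_width is stored in a short; clamp so a huge width cannot wrap. */`, and state there why the floor is -1 rather than 0. The same applies to the identical change in produce_xwidget_glyph and to the clamp of `width` in append_stretch_glyph.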
@@ -26307,7 +26309,9 @@ append_stretch_glyph (struct it *it, Lisp_Object object,
 }
 glyph->charpos = CHARPOS (it->position);
 glyph->object = object;
- glyph->pixel_width = width;
+ /* FIXME: It would be better to use TYPE_MAX here, but
+ __typeof__ is not portable enough... */
+ glyph->pixel_width = clip_to_bounds (-1, width, SHRT_MAX);
 glyph->ascent = ascent;
 glyph->descent = height - ascent;
 glyph->voffset = it->voffset;
@@ -26758,6 +26762,7 @@ append_glyphless_glyph (struct it *it, int face_id, bool for_no_font, int len,
 }
 glyph->charpos = CHARPOS (it->position);
 glyph->object = it->object;
+ eassert (it->pixel_width <= SHRT_MAX);
 glyph->pixel_width = it->pixel_width;
 glyph->ascent = it->ascent;
 glyph->descent = it->descent; |
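Review bot: The FIXME in append_stretch_glyph leaves the limit tied to the field's type by convention only: SHRT_MAX is written out here and in six other places in this commit, and nothing fails to compile if the `pixel_width` member is later given a different type. A compile-time check beside one of the clamps would pin the assumption, for example `verify (sizeof glyph->pixel_width == sizeof (short));`, assuming the member is a plain field rather than a bit-field and that the gnulib `verify` macro is in scope in xdisp.c. Routing all seven sites through one small static helper that clamps and assigns would also leave a single place to update. The function body starts and ends outside the hunk.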