procyberian/emacs
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Avoid crashes due to insanely large columns in tabulated-list-format

Browse source 
* src/xdisp.c (append_stretch_glyph, produce_xwidget_glyph)
(produce_image_glyph): Limit the pixel width of the produced glyph
to SHRT_MAX.  (Bug#23178)
(append_composite_glyph, append_glyph, append_glyphless_glyph):
Add assertions to verify that the pixel width of the glyph will
never overflow a 'short'.
* src/term.c (append_composite_glyph): Add assertion to verify
that the pixel width of the glyph will never overflow a 'short'.
This commit is contained in:
Eli Zaretskii 2016-04-01 12:47:29 +03:00
parent a3daa34336
commit b3b523cdd6
2 changed files with 9 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

1
src/term.c
View file

@ -1676,6 +1676,7 @@ append_composite_glyph (struct it *it)
glyph = it->glyph_row->glyphs[it->area];
}
glyph->type = COMPOSITE_GLYPH;
eassert (it->pixel_width <= SHRT_MAX);
glyph->pixel_width = it->pixel_width;
glyph->u.cmp.id = it->cmp_it.id;
if (it->cmp_it.ch < 0)

11
src/xdisp.c
View file

@ -25828,6 +25828,7 @@ append_glyph (struct it *it)
glyph->object = it->object;
if (it->pixel_width > 0)
{
eassert (it->pixel_width <= SHRT_MAX);
glyph->pixel_width = it->pixel_width;
glyph->padding_p = false;
}
@ -25908,6 +25909,7 @@ append_composite_glyph (struct it *it)
}
glyph->charpos = it->cmp_it.charpos;
glyph->object = it->object;
eassert (it->pixel_width <= SHRT_MAX);
glyph->pixel_width = it->pixel_width;
glyph->ascent = it->ascent;
glyph->descent = it->descent;
@ -26117,7 +26119,7 @@ produce_image_glyph (struct it *it)
{
glyph->charpos = CHARPOS (it->position);
glyph->object = it->object;
glyph->pixel_width = it->pixel_width;
glyph->pixel_width = clip_to_bounds (-1, it->pixel_width, SHRT_MAX);
glyph->ascent = glyph_ascent;
glyph->descent = it->descent;
glyph->voffset = it->voffset;
@ -26221,7 +26223,7 @@ produce_xwidget_glyph (struct it *it)
{
glyph->charpos = CHARPOS (it->position);
glyph->object = it->object;
glyph->pixel_width = it->pixel_width;
glyph->pixel_width = clip_to_bounds (-1, it->pixel_width, SHRT_MAX);
glyph->ascent = glyph_ascent;
glyph->descent = it->descent;
glyph->voffset = it->voffset;
@ -26307,7 +26309,9 @@ append_stretch_glyph (struct it *it, Lisp_Object object,
}
glyph->charpos = CHARPOS (it->position);
glyph->object = object;
glyph->pixel_width = width;
/* FIXME: It would be better to use TYPE_MAX here, but
__typeof__ is not portable enough... */
glyph->pixel_width = clip_to_bounds (-1, width, SHRT_MAX);
glyph->ascent = ascent;
glyph->descent = height - ascent;
glyph->voffset = it->voffset;
@ -26758,6 +26762,7 @@ append_glyphless_glyph (struct it *it, int face_id, bool for_no_font, int len,
}
glyph->charpos = CHARPOS (it->position);
glyph->object = it->object;
eassert (it->pixel_width <= SHRT_MAX);
glyph->pixel_width = it->pixel_width;
glyph->ascent = it->ascent;
glyph->descent = it->descent;