Henri Verbeet <hverbeet@gmail.com> writes:

> On Mon, 12 Nov 2018 at 14:28, Huw Davies <huw@codeweavers.com> wrote:
>>> If table->len (which itself is a DWORD) gets bigger than 0xfffffffflu - 3 it will overflow in (table->len + 3) and HeapAlloc does not allocate as much memory as expected.
>>
>> I don't think that's worth covering. I've sent in a cleaner version.
>
> I'm inclined to side somewhat with Wolfgang here. I.e., fonts are essentially untrusted data, and it seems plausible enough that someone may set unreasonable values on purpose.

It seems to me that this should be caught by the lower layers, ideally in FreeType or else in gdi32.
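
The wraparound discussed in this thread, as an added example that is not part of the thread or of Wine's code. The function names and the `avail` parameter (bytes of font data actually present) are assumptions made for illustration; only the 32-bit `len + 3` computation comes from the messages above.

```c
#include <stdint.h>
#include <stdio.h>

/* Size computation as described in the thread: a 32-bit add on a
 * length field read from the font. It wraps modulo 2^32 whenever
 * len > 0xffffffff - 3, so the result is far smaller than len. */
static uint32_t alloc_size_unchecked(uint32_t len)
{
    return len + 3;
}

/* Checked variant (hypothetical helper). Returns the size to allocate,
 * or 0 to reject the table. 0 is unambiguous because every accepted
 * size is at least 3. */
static uint32_t alloc_size_checked(uint32_t len, uint64_t avail)
{
    if (len > UINT32_MAX - 3)   /* len + 3 would not fit in 32 bits */
        return 0;
    if (len > avail)            /* assumption: table cannot exceed the data present */
        return 0;
    return len + 3;
}

int main(void)
{
    /* Constructed sample lengths, including the boundary values. */
    const uint32_t samples[] = { 100u, 0xfffffffcu, 0xfffffffdu, 0xffffffffu };
    const uint64_t avail = 4096;  /* constructed: size of the font data */

    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        uint32_t len = samples[i];
        printf("len=0x%08x unchecked=0x%08x checked=0x%08x\n",
               (unsigned)len,
               (unsigned)alloc_size_unchecked(len),
               (unsigned)alloc_size_checked(len, avail));
    }
    return 0;
}
```

With the unchecked form, a length of 0xfffffffd yields an allocation size of 0 while later code still treats the table as 0xfffffffd bytes long.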