12 Nov
2018
12 Nov
'18
12:34 p.m.
On Mon, 12 Nov 2018 at 14:28, Huw Davies huw@codeweavers.com wrote:
If table->len (which itself is a DWORD) gets bigger than 0xfffffffflu - 3 it will overflow in (table->len + 3) and HeapAlloc does not allocate as much memory as expected.
I don't think that's worth covering. I've sent in a cleaner version.
I'm inclined to side somewhat with Wolfgang here. I.e., fonts are essentially untrusted data, and it seems plausible enough that someone may set unreasonable values on purpose.