On Mon, Nov 12, 2018 at 04:04:32PM +0330, Henri Verbeet wrote:
> On Mon, 12 Nov 2018 at 14:28, Huw Davies <huw@codeweavers.com> wrote:
> > > If table->len (which itself is a DWORD) gets bigger than 0xfffffffflu - 3 it will overflow in (table->len + 3) and HeapAlloc does not allocate as much memory as expected.
> >
> > I don't think that's worth covering. I've sent in a cleaner version.
>
> I'm inclined to side somewhat with Wolfgang here. I.e., fonts are essentially untrusted data, and it seems plausible enough that someone may set unreasonable values on purpose.

Sure, it's easy enough to send in a follow-up patch after the missing table patch is in.
Huw.
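
The wraparound discussed in this thread, next to a checked form, as an added example that is not part of the original messages or of the project's code. The struct, the function names, the use of calloc in place of HeapAlloc and the `avail` bound are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for a font table; only the 32-bit len field
 * (a DWORD in the thread) comes from the discussion above. */
struct font_table {
    uint32_t len;         /* read from the untrusted font file */
    const uint8_t *data;  /* table bytes */
};

/* The pattern under discussion: 32-bit len + 3 wraps around once
 * len exceeds 0xffffffff - 3, yielding a size of 0, 1 or 2. */
static uint32_t padded_len_unchecked(uint32_t len)
{
    return len + 3;
}

/* Checked form: refuse lengths whose padded size does not fit. */
static int padded_len_checked(uint32_t len, uint32_t *out)
{
    if (len > UINT32_MAX - 3)
        return -1;
    *out = len + 3;
    return 0;
}

/* Copy a table into a zero-filled buffer of len + 3 bytes. calloc
 * stands in for HeapAlloc; avail (bytes actually present for this
 * table) is an assumed extra bound, not something the thread mentions. */
static uint8_t *copy_table(const struct font_table *t, uint32_t avail,
                           uint32_t *size)
{
    uint8_t *buf;

    if (t->len > avail || padded_len_checked(t->len, size) != 0)
        return NULL;
    buf = calloc(1, *size);
    if (buf)
        memcpy(buf, t->data, t->len);
    return buf;
}

int main(void)
{
    printf("unchecked: 0x%x\n", (unsigned)padded_len_unchecked(0xfffffffdu));
    return 0;
}
```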