diff --git a/src/hb-buffer.cc b/src/hb-buffer.cc index 7dfe83a620c258c46ed707962ef0f6ecc812ac90..13d0040408c11857f275dd3464bc6192ede0d1ef 100644 --- a/src/hb-buffer.cc +++ b/src/hb-buffer.cc @@ -80,7 +80,8 @@ _hb_buffer_enlarge (hb_buffer_t *buffer, unsigned int size) bool overflows = FALSE; bool separate_out = buffer->out_info != buffer->info; - if (unlikely (size > ((unsigned int)-1) / 2)) + overflows = size >= ((unsigned int) -1) / sizeof (buffer->info[0]); + if (unlikely (overflows)) goto done; while (size > new_allocated) diff --git a/test/test-buffer.c b/test/test-buffer.c index b79f955d995968860cc7370d3f542225f0d62e61..61a1b48651f6e6ac0fd01303d37a61dd293f9b11 100644 --- a/test/test-buffer.c +++ b/test/test-buffer.c @@ -281,10 +281,35 @@ test_buffer_allocation (fixture_t *fixture, gconstpointer user_data) g_assert (hb_buffer_pre_allocate (fixture->b, 100)); g_assert_cmpint (hb_buffer_get_length (fixture->b), ==, 0); + g_assert (hb_buffer_allocation_successful (fixture->b)); /* lets try a huge allocation, make sure it fails */ g_assert (!hb_buffer_pre_allocate (fixture->b, (unsigned int) -1)); g_assert_cmpint (hb_buffer_get_length (fixture->b), ==, 0); + g_assert (!hb_buffer_allocation_successful (fixture->b)); + + /* small one again */ + g_assert (hb_buffer_pre_allocate (fixture->b, 50)); + g_assert_cmpint (hb_buffer_get_length (fixture->b), ==, 0); + g_assert (!hb_buffer_allocation_successful (fixture->b)); + + hb_buffer_reset (fixture->b); + g_assert (hb_buffer_allocation_successful (fixture->b)); + + /* all allocation and size */ + g_assert (!hb_buffer_pre_allocate (fixture->b, ((unsigned int) -1) / 20 + 1)); + g_assert (!hb_buffer_allocation_successful (fixture->b)); + + hb_buffer_reset (fixture->b); + g_assert (hb_buffer_allocation_successful (fixture->b)); + + /* technically, this one can actually pass on 64bit machines, but + * I'm doubtful that any malloc allows 4GB allocations at a time. */ + g_assert (!hb_buffer_pre_allocate (fixture->b, ((unsigned int) -1) / 20 - 1)); + g_assert (!hb_buffer_allocation_successful (fixture->b)); + + hb_buffer_reset (fixture->b); + g_assert (hb_buffer_allocation_successful (fixture->b)); } @@ -311,7 +336,6 @@ main (int argc, char **argv) g_test_add ("/buffer/allocation", fixture_t, GINT_TO_POINTER (BUFFER_EMPTY), fixture_init, test_buffer_allocation, fixture_fini); /* XXX test invalid UTF-8 / UTF-16 text input (also overlong sequences) */ - /* XXX test pre_allocate(), allocation_successful(), and memory management */ return g_test_run(); }