Commit b3b523cd authored by Eli Zaretskii's avatar Eli Zaretskii

Avoid crashes due to insanely large columns in tabulated-list-format

* src/xdisp.c (append_stretch_glyph, produce_xwidget_glyph)
(produce_image_glyph): Limit the pixel width of the produced glyph
to SHRT_MAX.  (Bug#23178)
(append_composite_glyph, append_glyph, append_glyphless_glyph):
Add assertions to verify that the pixel width of the glyph will
never overflow a 'short'.
* src/term.c (append_composite_glyph): Add assertion to verify
that the pixel width of the glyph will never overflow a 'short'.
parent a3daa343
...@@ -1676,6 +1676,7 @@ append_composite_glyph (struct it *it) ...@@ -1676,6 +1676,7 @@ append_composite_glyph (struct it *it)
glyph = it->glyph_row->glyphs[it->area]; glyph = it->glyph_row->glyphs[it->area];
} }
glyph->type = COMPOSITE_GLYPH; glyph->type = COMPOSITE_GLYPH;
eassert (it->pixel_width <= SHRT_MAX);
glyph->pixel_width = it->pixel_width; glyph->pixel_width = it->pixel_width;
glyph->u.cmp.id = it->cmp_it.id; glyph->u.cmp.id = it->cmp_it.id;
if (it->cmp_it.ch < 0) if (it->cmp_it.ch < 0)
......
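Review bot: The added `eassert (it->pixel_width <= SHRT_MAX);` in append_composite_glyph protects the narrowing store only in builds where eassert is active; as far as I know it expands to nothing unless ENABLE_CHECKING is defined, so a production build would still truncate an oversized `it->pixel_width` into the short field. The same holds for the eassert lines added to append_glyph, append_composite_glyph and append_glyphless_glyph in src/xdisp.c. If the value is bounded before it gets here, a comment saying where would make the invariant checkable, e.g. `/* it->pixel_width was limited to SHRT_MAX by <caller>; see Bug#23178. */`; if it is not, clamp at the store as the commit does elsewhere, `glyph->pixel_width = clip_to_bounds (-1, it->pixel_width, SHRT_MAX);`. The function starts and ends outside the hunk, so an earlier bound may exist that is not visible here.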
...@@ -25828,6 +25828,7 @@ append_glyph (struct it *it) ...@@ -25828,6 +25828,7 @@ append_glyph (struct it *it)
glyph->object = it->object; glyph->object = it->object;
if (it->pixel_width > 0) if (it->pixel_width > 0)
{ {
eassert (it->pixel_width <= SHRT_MAX);
glyph->pixel_width = it->pixel_width; glyph->pixel_width = it->pixel_width;
glyph->padding_p = false; glyph->padding_p = false;
} }
...@@ -25908,6 +25909,7 @@ append_composite_glyph (struct it *it) ...@@ -25908,6 +25909,7 @@ append_composite_glyph (struct it *it)
} }
glyph->charpos = it->cmp_it.charpos; glyph->charpos = it->cmp_it.charpos;
glyph->object = it->object; glyph->object = it->object;
eassert (it->pixel_width <= SHRT_MAX);
glyph->pixel_width = it->pixel_width; glyph->pixel_width = it->pixel_width;
glyph->ascent = it->ascent; glyph->ascent = it->ascent;
glyph->descent = it->descent; glyph->descent = it->descent;
...@@ -26117,7 +26119,7 @@ produce_image_glyph (struct it *it) ...@@ -26117,7 +26119,7 @@ produce_image_glyph (struct it *it)
{ {
glyph->charpos = CHARPOS (it->position); glyph->charpos = CHARPOS (it->position);
glyph->object = it->object; glyph->object = it->object;
glyph->pixel_width = it->pixel_width; glyph->pixel_width = clip_to_bounds (-1, it->pixel_width, SHRT_MAX);
glyph->ascent = glyph_ascent; glyph->ascent = glyph_ascent;
glyph->descent = it->descent; glyph->descent = it->descent;
glyph->voffset = it->voffset; glyph->voffset = it->voffset;
...@@ -26221,7 +26223,7 @@ produce_xwidget_glyph (struct it *it) ...@@ -26221,7 +26223,7 @@ produce_xwidget_glyph (struct it *it)
{ {
glyph->charpos = CHARPOS (it->position); glyph->charpos = CHARPOS (it->position);
glyph->object = it->object; glyph->object = it->object;
glyph->pixel_width = it->pixel_width; glyph->pixel_width = clip_to_bounds (-1, it->pixel_width, SHRT_MAX);
glyph->ascent = glyph_ascent; glyph->ascent = glyph_ascent;
glyph->descent = it->descent; glyph->descent = it->descent;
glyph->voffset = it->voffset; glyph->voffset = it->voffset;
...@@ -26307,7 +26309,9 @@ append_stretch_glyph (struct it *it, Lisp_Object object, ...@@ -26307,7 +26309,9 @@ append_stretch_glyph (struct it *it, Lisp_Object object,
} }
glyph->charpos = CHARPOS (it->position); glyph->charpos = CHARPOS (it->position);
glyph->object = object; glyph->object = object;
glyph->pixel_width = width; /* FIXME: It would be better to use TYPE_MAX here, but
__typeof__ is not portable enough... */
glyph->pixel_width = clip_to_bounds (-1, width, SHRT_MAX);
glyph->ascent = ascent; glyph->ascent = ascent;
glyph->descent = height - ascent; glyph->descent = height - ascent;
glyph->voffset = it->voffset; glyph->voffset = it->voffset;
...@@ -26758,6 +26762,7 @@ append_glyphless_glyph (struct it *it, int face_id, bool for_no_font, int len, ...@@ -26758,6 +26762,7 @@ append_glyphless_glyph (struct it *it, int face_id, bool for_no_font, int len,
} }
glyph->charpos = CHARPOS (it->position); glyph->charpos = CHARPOS (it->position);
glyph->object = it->object; glyph->object = it->object;
eassert (it->pixel_width <= SHRT_MAX);
glyph->pixel_width = it->pixel_width; glyph->pixel_width = it->pixel_width;
glyph->ascent = it->ascent; glyph->ascent = it->ascent;
glyph->descent = it->descent; glyph->descent = it->descent;
......
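Review bot: The clamps `clip_to_bounds (-1, it->pixel_width, SHRT_MAX)` in produce_image_glyph and produce_xwidget_glyph, and `clip_to_bounds (-1, width, SHRT_MAX)` in append_stretch_glyph, limit only the value stored in the glyph; in the visible lines `it->pixel_width` and `width` keep their unclamped values, so code that later advances by the iterator's width could disagree with the width recorded in the glyph row. These functions extend beyond the hunks, so this may already be reconciled elsewhere; if it is not, clamping the source value before the store would keep the two in step. The lower bound `-1` is also unexplained, and only append_stretch_glyph carries a comment. A line such as `/* glyph->pixel_width is a short; clamp so the store cannot wrap (Bug#23178). */` at each site, with a word on why the floor is -1 rather than 0, would make the intent reviewable.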