2006-05-01 Behdad Esfahbod <behdad@gnome.org>
Bug 340229 – pango_font_description_from_string does not do bound
checking
* pango/fonts.c (pango_font_description_set_size),
(pango_font_description_set_absolute_size), (parse_size):
* pango/pango-markup.c (span_parse_func): Don't accept negative font
sizes, and make sure sizes don't overflow.
+2006-05-01 Behdad Esfahbod <behdad@gnome.org>
+
+ Bug 340229 – pango_font_description_from_string does not do bound
+ checking
+
+ * pango/fonts.c (pango_font_description_set_size),
+ (pango_font_description_set_absolute_size), (parse_size):
+ * pango/pango-markup.c (span_parse_func): Don't accept negative font
+ sizes, and make sure sizes don't overflow.
+
2006-04-29 Behdad Esfahbod <behdad@gnome.org>
* configure.in: Require cairo >= 1.1.2. Also pass -no-undefined on all
gint size)
{
g_return_if_fail (desc != NULL);
+ g_return_if_fail (size >= 0);
desc->size = size;
desc->size_is_absolute = FALSE;
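Review bot: The added `g_return_if_fail (size >= 0);` in pango_font_description_set_size is a precondition assertion rather than input validation. GLib compiles it out when built with G_DISABLE_CHECKS, and when it is active it only logs a critical and returns, leaving the old size in place with no signal to the caller. Callers that take a size from untrusted text therefore still need their own range check, and the same holds for the identical line added to pango_font_description_set_absolute_size. The constraint should also go into the doc comment, for example `@size: ... must be non-negative.` The function starts and ends outside the hunk.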
double size)
{
g_return_if_fail (desc != NULL);
+ g_return_if_fail (size >= 0);
desc->size = size;
desc->size_is_absolute = TRUE;
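Review bot: pango_font_description_set_absolute_size still has no upper bound, although the commit message says sizes should not overflow. `size` is a double stored with `desc->size = size;`, so a large finite value that passes `size >= 0` would be converted out of range, which is undefined behaviour in C. That assumes the field is an integer, as the gint setter suggests; the struct is not visible here. An upper limit beside the new check would close it, e.g. `g_return_if_fail (size >= 0 && size <= G_MAXINT);`. NaN is already rejected because `size >= 0` is false for it. The function starts and ends outside the hunk.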
char *end;
double size = g_ascii_strtod (word, &end);
- if ((size_t)(end - word) == wordlen) /* word is a valid float */
+ if ((size_t)(end - word) == wordlen && size >= 0 && size <= 1000000) /* word is a valid float */
{
if (pango_size)
*pango_size = (int)(size * PANGO_SCALE + 0.5);
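Review bot: The limit `1000000` in parse_size is an unnamed literal that the commit repeats in span_parse_func in pango/pango-markup.c, so the two copies can drift apart. A shared named constant would keep them in step and give one place to record why the value was chosen, presumably so that `size * PANGO_SCALE` still fits in an int. The trailing comment `/* word is a valid float */` no longer describes the whole condition and could read `/* word is a valid float within the accepted size range */`. parse_size starts and ends outside the hunk.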
n = strtoul (size, &end, 10);
- if (*end != '\0')
+ if (*end != '\0' || n < 0 || n > 1000000)
{
g_set_error (error,
G_MARKUP_ERROR,
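Review bot: `n < 0` in the new condition can never be true if `n` is declared unsigned, which the `strtoul` assignment suggests; the declaration is outside the hunk. The comparison that does the work is `n > 1000000`, which also catches the ULONG_MAX that strtoul returns on overflow. If `n` is unsigned, drop the dead test: `if (*end != '\0' || n > 1000000)`. Out-of-range values now take the same branch as unparsable ones, so the error text (outside the hunk) may need to mention the accepted range. The enclosing block continues past the hunk.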