[glyphstring] Handle overflow with very long glyphstrings

diff --git a/pango/glyphstring.c b/pango/glyphstring.c
index 42601d5..8fb7031 100644 (file)
--- a/pango/glyphstring.c
+++ b/pango/glyphstring.c
@@ -61,14 +61,28 @@ pango_glyph_string_set_size (PangoGlyphString *string, gint new_len)
   while (new_len > string->space)
     {
       if (string->space == 0)
-       string->space = 1;
+       {
+         string->space = 4;
+       }
       else
-       string->space *= 2;
-
-      if (string->space < 0)
        {
-         g_warning ("glyph string length overflows maximum integer size, truncated");
-         new_len = string->space = G_MAXINT - 8;
+         const guint max_space =
+           MIN (G_MAXINT, G_MAXSIZE / MAX (sizeof(PangoGlyphInfo), sizeof(gint)));
+
+         guint more_space = (guint)string->space * 2;
+
+         if (more_space > max_space)
+           {
+             more_space = max_space;
+
+             if ((guint)new_len > max_space)
+               {
+                 g_error ("%s: failed to allocate glyph string of length %i\n",
+                          G_STRLOC, new_len);
+               }
+           }
+
+         string->space = more_space;
        }
     }