Bug 592484 - invalid write in HB

author Behdad Esfahbod <behdad@behdad.org>

Thu, 20 Aug 2009 18:01:37 +0000 (14:01 -0400)

committer Behdad Esfahbod <behdad@behdad.org>

Mon, 2 Nov 2009 19:40:47 +0000 (14:40 -0500)
author Behdad Esfahbod <behdad@behdad.org>
Thu, 20 Aug 2009 18:01:37 +0000 (14:01 -0400)
committer Behdad Esfahbod <behdad@behdad.org>
Mon, 2 Nov 2009 19:40:47 +0000 (14:40 -0500)
diff --git a/src/hb-ot-layout.cc b/src/hb-ot-layout.cc

index 8d0a25a..8882327 100644 (file)
--- a/src/hb-ot-layout.cc
+++ b/src/hb-ot-layout.cc
@@ -226,8 +226,8 @@ _hb_ot_layout_set_glyph_class (hb_face_t                  *face,
      unsigned char *new_klasses;
  
      new_len = len == 0 ? 120 : 2 * len;
-    if (new_len > 65535)
-      new_len = 65535;
+    if (new_len > 65536)
+      new_len = 65536;
      new_klasses = (unsigned char *) realloc (layout->new_gdef.klasses, new_len * sizeof (unsigned char));
  
      if (HB_UNLIKELY (!new_klasses))
author	Behdad Esfahbod <behdad@behdad.org>
	Thu, 20 Aug 2009 18:01:37 +0000 (14:01 -0400)
committer	Behdad Esfahbod <behdad@behdad.org>
	Mon, 2 Nov 2009 19:40:47 +0000 (14:40 -0500)