Re: Very large font size crashing X Font Server and Grounding Server to a Halt (was: remote DoS in Mozilla 1.0)

Billy O'Connor (billy@oconnoronline.net)
Thu, 13 Jun 2002 13:34:22 -0400 (EDT)


>From billy Thu Jun 13 12:31:23 2002
From: Melchior FRANZ <a8603365@unet.univie.ac.at>
Date: Thu, 13 Jun 2002 19:17:49 +0200
X-PGP: http://www.unet.univie.ac.at/~a8603365/melchior.franz
Sender: linux-kernel-owner@vger.kernel.org
X-Mailing-List: linux-kernel@vger.kernel.org

* Melchior FRANZ -- Thursday 13 June 2002 18:49:
> * rjh@world.std.com -- Thursday 13 June 2002 18:33:
> > It resulted in an almost infinite size malloc() request.
>
> No. AFAIK it is caused in the file xc/lib/font/Type1/t1font.c
                                                       ^^^^^^^^
This should have been t1func.c, sorry.

t1func.c ?

This bit here, in Type1OpenScalable()?

    /* heuristic for "maximum" size of pool we'll need: */
    size = 200000 + 120 *
              (int)hypot(vals->pixel_matrix[2],
                         vals->pixel_matrix[3])
              * sizeof(short);
    if (size < 0 || NULL == (pool = (long *)xalloc(size))) {
        xfree(cid);
        DestroyFontRec(pFont);
        return AllocError;
    }