From 65637d89411e96dee5ee9fc2e8a7b3805c4162a2 Mon Sep 17 00:00:00 2001
From: michi_cc <michi_cc@openttd.org>
Date: Fri, 2 Sep 2011 20:16:41 +0000
Subject: (svn r22874) -Fix [FS#4747]: Check size of various buffers before
 allocation. (monoid)

---
 src/fontcache.cpp | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'src/fontcache.cpp')

diff --git a/src/fontcache.cpp b/src/fontcache.cpp
index b279c3463..616c54a9e 100644
--- a/src/fontcache.cpp
+++ b/src/fontcache.cpp
@@ -1034,6 +1034,9 @@ const Sprite *GetGlyph(FontSize size, WChar key)
 	width  = max(1, slot->bitmap.width + (size == FS_NORMAL));
 	height = max(1, slot->bitmap.rows  + (size == FS_NORMAL));
 
+	/* Limit glyph size to prevent overflows later on. */
+	if (width > 256 || height > 256) usererror("Font glyph is too large");
+
 	/* FreeType has rendered the glyph, now we allocate a sprite and copy the image into it */
 	sprite.AllocateData(width * height);
 	sprite.width = width;
-- 
cgit v1.2.3-54-g00ecf