potential interger overflow - hangul_combination_set_data() in hangulkeyboard.c line 280
KazuhikoMaekawa opened this issue · comments
The following code for malloc() could make integer overflow.
Function malloc takes size_t type and this sometimes does not matched to ULONG_MAX.
I think SIZE_MAX is proper here.
hangulkeyboard.c line 280 - in hangul_combination_set_data():
if (n == 0 || n > ULONG_MAX / sizeof(HangulCombinationItem))
return false;
combination->table = malloc(sizeof(HangulCombinationItem) * n);
Thank you for your report.
I've fixed it.