Check the size of the g_new arguments

We're passing integers without validating their size, and newer GCC are
very cross about it, with warnings like:

    warning: argument 1 range [18446744071562067968, 18446744073709551615]
    exceeds maximum object size 9223372036854775807 [-Walloc-size-larger-than=]

We should check we're not overflowing the allocation size, by limiting
the range of values we can use.

First of all, we need to use `gsize` instead of a random `int`, since we're
allocating data.

Additionally, we need to check that the multiplication that computes the
size of the allocation doesn't overflow the maximum value of a `gsize`.

1 files changed, 11 insertions, 2 deletions

diff --git a/gtk/gtkcomposetable.c b/gtk/gtkcomposetable.c
index 207611aa9f..e451cdb3bf 100644
--- a/gtk/gtkcomposetable.c
+++ b/gtk/gtkcomposetable.c
@@ -835,14 +835,23 @@ gtk_compose_table_list_add_array (GSList        *compose_tables,
 {
   guint32 hash;
   GtkComposeTable *compose_table;
-  int n_index_stride = max_seq_len + 2;
-  int length = n_index_stride * n_seqs;
+  gsize n_index_stride;
+  gsize length;
+  gsize max_size = (gsize) -1;
   int i;
   guint16 *gtk_compose_seqs = NULL;
 
   g_return_val_if_fail (data != NULL, compose_tables);
   g_return_val_if_fail (max_seq_len <= GTK_MAX_COMPOSE_LEN, compose_tables);
 
+  n_index_stride = MIN (max_seq_len, GTK_MAX_COMPOSE_LEN) + 2;
+  if (n_seqs > max_size / n_index_stride)
+    {
+      g_critical ("Overflow in the compose sequences");
+      return compose_tables;
+    }
+
+  length = n_index_stride * n_seqs;
   hash = gtk_compose_table_data_hash (data, length);
 
   if (g_slist_find_custom (compose_tables, GINT_TO_POINTER (hash), gtk_compose_table_find) != NULL)