[pango] pangofc-shape: Fix potential array overrun

From: Philip Withnall <pwithnall src gnome org>
To: commits-list gnome org
Cc:
Subject: [pango] pangofc-shape: Fix potential array overrun
Date: Tue, 14 Feb 2017 12:27:13 +0000 (UTC)

commit 318fd546a0ab8ad68f65f5f81b0a6fb845141a9f
Author: Philip Withnall <withnall endlessm com>
Date:   Tue Feb 14 10:32:26 2017 +0000

    pangofc-shape: Fix potential array overrun
    
    If this loop adds the final feature to the features array, the start and
    end assignment for the next feature will drop off the end of the array.
    I don’t think the assignments are necessary, since num_features stores
    the number of elements in the array (so it doesn’t need to be
    terminated), and the start and end elements are assigned each time a
    feature is parsed.
    
    Coverity ID: 1391709
    
    Signed-off-by: Philip Withnall <withnall endlessm com>
    
    https://bugzilla.gnome.org/show_bug.cgi?id=778601

 pango/pangofc-shape.c |    4 ----
 1 files changed, 0 insertions(+), 4 deletions(-)
---
diff --git a/pango/pangofc-shape.c b/pango/pangofc-shape.c
index 816aa8b..6cd9818 100644
--- a/pango/pangofc-shape.c
+++ b/pango/pangofc-shape.c
@@ -393,11 +393,7 @@ _pango_fc_shape (PangoFont           *font,
                    len = -1;
 
                  if (hb_feature_from_string (feat, len, &features[num_features]))
-                 {
                    num_features++;
-                   features[num_features].start = 0;
-                   features[num_features].end = -1;
-                 }
 
                  if (end == NULL)
                    break;

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]