[pango/pidgin-crash: 1/2] layout: Avoid a crash with short strings

From: Matthias Clasen <matthiasc src gnome org>
To: commits-list gnome org
Cc:
Subject: [pango/pidgin-crash: 1/2] layout: Avoid a crash with short strings
Date: Thu, 30 Jul 2020 14:10:36 +0000 (UTC)


commit 6e04db81b9dc5913607bd97e1000d59c6ed0c496
Author: Matthias Clasen <mclasen redhat com>
Date:   Thu Jul 30 10:06:53 2020 -0400

    layout: Avoid a crash with short strings
    
    You can call pango_layout_set_text() with a length that
    is longer than the string (and there's code in the wild
    that does that). We try to handle it by only looking at
    the initial segment of the text, but we are forgetting
    to set layout->length to the length of that segment,
    leading us to access beyond the string end later.
    
    This fixes #490

 pango/pango-layout.c | 1 +
 1 file changed, 1 insertion(+)
---
diff --git a/pango/pango-layout.c b/pango/pango-layout.c
index b07c84878..92d858b2b 100644
--- a/pango/pango-layout.c
+++ b/pango/pango-layout.c
@@ -1173,6 +1173,7 @@ pango_layout_set_text (PangoLayout *layout,
     g_warning ("Invalid UTF-8 string passed to pango_layout_set_text()");
 
   layout->n_chars = pango_utf8_strlen (layout->text, -1);
+  layout->length = strlen (layout->text);
 
   layout_changed (layout);

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]