[pango: 1/2] Let get_items_log_attrs take the start-of-text offset into account
- From: Matthias Clasen <matthiasc src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [pango: 1/2] Let get_items_log_attrs take the start-of-text offset into account
- Date: Sat, 12 Sep 2020 18:16:11 +0000 (UTC)
commit 42e1738baebbf82e71d2a8f156b023339d0a4c92
Author: Stephan Bergmann <sbergman redhat com>
Date: Thu Sep 10 15:18:03 2020 +0200
Let get_items_log_attrs take the start-of-text offset into account
...when interpreting item->offset values.
I ran into this when executing tests of recent LibreOffice master with ASan on
Fedora 32 (with pango-1.44.7-2.fc32.x86_64), where one of the tests renders
various dialogs with a Tamil localization and failed with
> ==97247==ERROR: AddressSanitizer: SEGV on unknown address 0x60b000210006 (pc 0x7fd6c5b22b54 bp 0x61d0004b4150 sp 0x7fff107a0d18 T0)
> ==97247==The signal is caused by a READ memory access.
> #0 in g_utf8_get_char at ../glib/gutf8.c:319:37 (/lib64/libglib-2.0.so.0 +0x85b54)
> #1 in break_indic at ../pango/break-indic.c:119:17 (/lib64/libpango-1.0.so.0 +0x1076d)
> #2 in break_script at ../pango/break.c:1896:7 (/lib64/libpango-1.0.so.0 +0x1076d)
> #3 in tailor_break at ../pango/break.c:1606:9 (/lib64/libpango-1.0.so.0 +0x147db)
> #4 in pango_tailor_break at ../pango/break.c:1774:7 (/lib64/libpango-1.0.so.0 +0x147db)
> #5 in get_items_log_attrs at ../pango/pango-layout.c:4032:7 (/lib64/libpango-1.0.so.0 +0x2729c)
> #6 in pango_layout_check_lines at ../pango/pango-layout.c:4289:7 (/lib64/libpango-1.0.so.0 +0x2729c)
> #7 in pango_layout_get_extents_internal at ../pango/pango-layout.c:2623:3 (/lib64/libpango-1.0.so.0 +0x29068)
> #8 in gtk_label_get_measuring_layout at /usr/src/debug/gtk3-3.24.22-1.fc32.x86_64/gtk/gtklabel.c:3376:3 (/lib64/libgtk-3.so.0 +0x2454d0)
[...]
From some debugging, it smells like `pango_layout_check_lines` calls
`pango_itemize_with_base_dir` to compute `state.items` that are relative to the
beginning of `layout->text`, but then passes `state.items` together with the
offset'ed `start` into `get_items_log_attrs`, so that the latter misinterpreted
the items' locations relative to the offset'ed start.
Just adding
g_assert (item->offset <= length);
g_assert (item->length <= length - item->offset);
to the original `get_items_log_attrs` would make various tests in the `meson test`
suite fail, but which pass again with the complete fix, matching the above
speculation.
pango/pango-layout.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
---
diff --git a/pango/pango-layout.c b/pango/pango-layout.c
index 7d5b9b10..68ffd190 100644
--- a/pango/pango-layout.c
+++ b/pango/pango-layout.c
@@ -4088,6 +4088,7 @@ process_line (PangoLayout *layout,
static void
get_items_log_attrs (const char *text,
+ int start,
int length,
GList *items,
PangoLogAttr *log_attrs,
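Review bot: the new `start` parameter silently changes the frame of reference for `length`: after this hunk `length` counts bytes of the segment beginning at `text + start`, while the `items` list still carries offsets relative to `text` itself (as the call site in the last hunk shows). A one-line comment above the prototype stating which arguments are segment-relative and which are text-relative would keep the next caller from repeating the original mix-up.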
@@ -4096,11 +4097,13 @@ get_items_log_attrs (const char *text,
int offset = 0;
GList *l;
- pango_default_break (text, length, NULL, log_attrs, log_attrs_len);
+ pango_default_break (text + start, length, NULL, log_attrs, log_attrs_len);
for (l = items; l; l = l->next)
{
PangoItem *item = l->data;
+ g_assert (item->offset <= start + length);
+ g_assert (item->length <= (start + length) - item->offset);
pango_tailor_break (text + item->offset,
item->length,
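Review bot: the two `g_assert` calls only bound the upper end of each item; an item with `item->offset < start` passes both checks yet makes `pango_tailor_break (text + item->offset, ...)` work on bytes before the segment. Adding `g_assert (item->offset >= start);` alongside them closes that side. Also note that `g_assert` is compiled out when `G_DISABLE_ASSERT` is defined, so in such builds these lines are documentation rather than a guard; the actual fix in this hunk is the `text + start` argument to `pango_default_break`, and the asserts are the regression check the commit message describes.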
@@ -4371,7 +4374,8 @@ pango_layout_check_lines (PangoLayout *layout)
apply_attributes_to_items (state.items, shape_attrs);
- get_items_log_attrs (start,
+ get_items_log_attrs (layout->text,
+ start - layout->text,
delimiter_index + delim_len,
state.items,
layout->log_attrs + start_offset,
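Review bot: `start - layout->text` is a `ptrdiff_t` narrowed to the callee's `int start` without a cast; harmless for layout-sized text, but an explicit cast or a `g_assert (start >= layout->text)` next to it would state the intent and keep `-Wconversion` quiet. The third argument `delimiter_index + delim_len` stays segment-relative, which matches the callee now breaking from `text + start`.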
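The bug class behind this commit, mixing offsets measured from the full text with a pointer that already points into a segment of it, is easy to model outside pango. The following is an added example, not pango's code: the item structure, the constructed sample text and the function names are assumptions, and the bounds check returns a result instead of aborting so that it stays active in builds that define G_DISABLE_ASSERT.

```c
/* Added example (not pango code): models the offset-base mismatch that the
 * commit fixes. Items carry byte offsets relative to the FULL text, while the
 * breaking routine works on a SEGMENT [start, start + length) of that text.
 * Passing the segment pointer as if it were the text base (the pre-fix call)
 * makes every item offset point past the segment; a bounds check catches it
 * before anything is dereferenced. Names, text and offsets are constructed. */
#include <stdio.h>
#include <string.h>

typedef struct {
    int offset;   /* byte offset relative to the full text */
    int length;   /* byte length of the item */
} Item;

/* Constructed sample: one item covering "world" in the full text. */
static const char kText[] = "Hello world, foo";
static const Item kItems[] = { { 6, 5 } };
static const int kNumItems = (int) (sizeof kItems / sizeof kItems[0]);

/* Validate that every item lies inside [start, start + length) of `text`.
 * Returns the number of items checked, or -1 on the first item that would
 * make `text + item->offset` read outside the segment. Mirrors the commit's
 * two g_assert conditions plus a lower bound, as a runtime result instead
 * of an abort. */
int check_items_in_segment(const char *text, int start, int length,
                           const Item *items, int n_items)
{
    int text_len = (int) strlen(text);
    if (start < 0 || length < 0 || start > text_len - length)
        return -1;                                   /* segment itself is bad */
    for (int i = 0; i < n_items; i++) {
        const Item *item = &items[i];
        if (item->offset < start)                    /* before the segment    */
            return -1;
        if (item->offset > start + length)           /* commit's first assert */
            return -1;
        if (item->length > (start + length) - item->offset) /* second assert */
            return -1;
    }
    return n_items;
}

/* Pre-fix shape of the call: the segment pointer is passed as the base and
 * start is implicitly 0, so the text-relative item offsets are misread. */
int demo_buggy_call(void)
{
    return check_items_in_segment(kText + 6, 0, 5, kItems, kNumItems);
}

/* Post-fix shape: base pointer plus an explicit start offset. */
int demo_fixed_call(void)
{
    return check_items_in_segment(kText, 6, 5, kItems, kNumItems);
}

int main(void)
{
    printf("buggy call: %d (expect -1)\n", demo_buggy_call());
    printf("fixed call: %d (expect %d)\n", demo_fixed_call(), kNumItems);
    return 0;
}
```

The buggy variant is rejected not because the data is malformed but because the check is evaluated in the wrong coordinate system, which is exactly why the original code walked past the segment into memory ASan flagged.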