[pango/pango-1-44: 15/31] layout: Avoid a crash with short strings

From: Matthias Clasen <matthiasc src gnome org>
To: commits-list gnome org
Cc:
Subject: [pango/pango-1-44: 15/31] layout: Avoid a crash with short strings
Date: Sun, 9 May 2021 01:32:01 +0000 (UTC)


commit 4b93e64a4d23a6ced2dd146f10e5fb10a1000d93
Author: Matthias Clasen <mclasen redhat com>
Date:   Thu Jul 30 10:06:53 2020 -0400

    layout: Avoid a crash with short strings
    
    You can call pango_layout_set_text() with a length that
    is longer than the string (and there's code in the wild
    that does that). We try to handle it by only looking at
    the initial segment of the text, but we are forgetting
    to set layout->length to the length of that segment,
    leading us to access beyond the string end later.
    
    This fixes #490
    
    (cherry-picked from commit 6e04db81)

 pango/pango-layout.c | 1 +
 1 file changed, 1 insertion(+)
---
diff --git a/pango/pango-layout.c b/pango/pango-layout.c
index 84dfb39f..c0939ca9 100644
--- a/pango/pango-layout.c
+++ b/pango/pango-layout.c
@@ -1149,6 +1149,7 @@ pango_layout_set_text (PangoLayout *layout,
     g_warning ("Invalid UTF-8 string passed to pango_layout_set_text()");
 
   layout->n_chars = pango_utf8_strlen (layout->text, -1);
+  layout->length = strlen (layout->text);
 
   layout_changed (layout);

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]