crash in hangul module + patch

From: Radek Doulík <rodo ximian com>
To: gtk-i18n-list gnome org
Subject: crash in hangul module + patch
Date: Thu, 19 Feb 2004 12:21:43 +0100

Hi,

I am experiencing crashes in pango when rendering attached file (text.
utf8). The crash happens in hangul module, where it access memory
outside array (__jamo_to_ksc5601) boundaries.

While the attached patch checks the boundaries and avoid the crash, it
probably doesn't fix the whole problem. I didn't look deeper into it,
but it seems that pango_itemize should probably make 2 items instead of
one with hangul shaper.

May I commit the patch?

Cheers
Radek

í?ť

Index: modules/hangul/hangul-fc.c
===================================================================
RCS file: /cvs/gnome/pango/modules/hangul/hangul-fc.c,v
retrieving revision 1.13
diff -u -p -r1.13 hangul-fc.c
--- modules/hangul/hangul-fc.c	23 Sep 2003 23:11:51 -0000	1.13
+++ modules/hangul/hangul-fc.c	18 Feb 2004 16:04:30 -0000
@@ -246,18 +246,21 @@ render_syllable (PangoFont *font, gunich
       /* This font has no glyphs on the Hangul Jamo area!  Find a
 	 fallback from the Hangul Compatibility Jamo area.  */
       jindex = text[i] - LBASE;
-      for (j = 0; j < 3 && (__jamo_to_ksc5601[jindex][j] != 0); j++)
-	{
-	  wc = __jamo_to_ksc5601[jindex][j] - KSC_JAMOBASE + UNI_JAMOBASE;
-	  index = (wc >= 0x3131) ? find_char (font, wc) : 0;
-	  pango_glyph_string_set_size (glyphs, *n_glyphs + 1);
-	  if (!index)
-	    set_glyph (font, glyphs, *n_glyphs, cluster_offset,
-		       get_unknown_glyph (font, index));
-	  else
-	    set_glyph (font, glyphs, *n_glyphs, cluster_offset, index);
-	  (*n_glyphs)++;
-	}
+      if (0 <= jindex && jindex < 0x100)
+        {
+          for (j = 0; j < 3 && (__jamo_to_ksc5601[jindex][j] != 0); j++)
+	    {
+	      wc = __jamo_to_ksc5601[jindex][j] - KSC_JAMOBASE + UNI_JAMOBASE;
+	      index = (wc >= 0x3131) ? find_char (font, wc) : 0;
+	      pango_glyph_string_set_size (glyphs, *n_glyphs + 1);
+	      if (!index)
+	        set_glyph (font, glyphs, *n_glyphs, cluster_offset,
+		           get_unknown_glyph (font, index));
+	      else
+	        set_glyph (font, glyphs, *n_glyphs, cluster_offset, index);
+	      (*n_glyphs)++;
+	    }
+        }
     }
   if (n_prev_glyphs == *n_glyphs)
     {

Follow-Ups:
- Re: crash in hangul module + patch
  - From: Owen Taylor

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]