authorJean-Philippe Andre <jp.andre@samsung.com>2014-01-24 09:44:40 +0900
committerBoris Faure <billiob@gmail.com>2014-01-29 22:37:41 +0100
commit0cfd1eb64a495900a8da50b6be72103afedf819e (patch)
treef853e6c5f7ba383a18829525ea8280fcf6e676e5
parentEvas textblock: Fix selection with bidi text. (diff)
downloadefl-0cfd1eb64a495900a8da50b6be72103afedf819e.tar.gz
evas: textgrid - fix crash in terminology with rare characters.
So I have a weird crash in terminology. Reproduction path: eet -x /path/to/elm/theme/default.edj edje/images/537 Scroll back in the terminal buffer, to show the entire file: CRASH. Reviewers: cedric, tasn CC: cedric, raster Differential Revision: https://phab.enlightenment.org/D468 Signed-off-by: Cedric BAIL <cedric.bail@samsung.com>
-rw-r--r--src/lib/evas/canvas/evas_object_textgrid.c15
1 files changed, 10 insertions, 5 deletions
diff --git a/src/lib/evas/canvas/evas_object_textgrid.c b/src/lib/evas/canvas/evas_object_textgrid.c
index 2e0e592d7c..a54af9ad72 100644
--- a/src/lib/evas/canvas/evas_object_textgrid.c
+++ b/src/lib/evas/canvas/evas_object_textgrid.c
@@ -297,14 +297,18 @@ evas_object_textgrid_textprop_ref(Evas_Object *eo_obj, Evas_Object_Textgrid *o,
}
offset--;
}
- if (o->master[offset].next[(codepoint & mask) >> shift] == 0)
+ if ((o->master[offset].next[(codepoint & mask) >> shift] == 0)
+ || ((o->master[offset].next[(codepoint & mask) >> shift] & 0xFFFFFF) >= o->glyphs_length))
{
Evas_Textgrid_Hash_Glyphs *tmp;
unsigned char *tmp_used;
- int count;
+ int count, i;
/* FIXME: find empty entry */
- count = o->glyphs_length + 1;
+ if (o->master[offset].next[(codepoint & mask) >> shift] == 0)
+ count = o->glyphs_length + 1;
+ else
+ count = (o->master[offset].next[(codepoint & mask) >> shift] & 0xFFFFFF) + 1;
tmp = realloc(o->glyphs, count * sizeof (Evas_Textgrid_Hash_Glyphs));
if (!tmp) return 0xFFFFFFFF;
o->glyphs = tmp;
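Review bot: The new `>= o->glyphs_length` branch trusts an out-of-range index already stored in `o->master[offset].next[...]` to size the table, via `count = (... & 0xFFFFFF) + 1`, so a stale or corrupted slot can make a single `realloc` grow `glyphs` to as many as 0x1000000 entries. Because the next hunk re-points the slot at `o->glyphs_length + 0xFF000000`, the entries above that index appear to be unreferenced by this slot; using `count = o->glyphs_length + 1;` in both cases would keep growth bounded. The hunk also does not say how a slot can come to point past `glyphs_length`, so a short comment naming the cause belongs above the condition. The added `i` in `int count, i;` is unused in the visible lines, and the function begins and ends outside this hunk.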
@@ -312,10 +316,11 @@ evas_object_textgrid_textprop_ref(Evas_Object *eo_obj, Evas_Object_Textgrid *o,
if (!tmp_used) return 0xFFFFFFFF;
o->glyphs_used = tmp_used;
+ // FIXME: What should we write when allocating more than one new entry?
o->master[offset].next[(codepoint & mask) >> shift] = o->glyphs_length + 0xFF000000;
- memset(o->glyphs + o->glyphs_length, 0, sizeof (Evas_Textgrid_Hash_Glyphs));
- o->glyphs_used[o->glyphs_length] = 0;
+ memset(o->glyphs + o->glyphs_length, 0, (count - o->glyphs_length) * sizeof (Evas_Textgrid_Hash_Glyphs));
+ memset(o->glyphs_used, 0, (count - o->glyphs_length) * sizeof(o->glyphs_used[0]));
o->glyphs_length = count;
}
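Review bot: The second added `memset` clears `o->glyphs_used` starting at index 0 instead of at the newly grown tail, so it zeroes the use counts of existing entries and leaves the new ones (presumably fresh from `realloc`) uninitialised; the line it replaces wrote `o->glyphs_used[o->glyphs_length]`. It should mirror the `glyphs` line above it: `memset(o->glyphs_used + o->glyphs_length, 0, (count - o->glyphs_length) * sizeof(o->glyphs_used[0]));`. If these counters decide when a glyph entry is released (not visible here), resetting live ones could lead to entries being freed while still referenced. The enclosing block opens in the previous hunk and the function continues past this one.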