summaryrefslogtreecommitdiff
path: root/src/lib/evas/common/evas_text_utils.c
diff options
context:
space:
mode:
authorCarsten Haitzler (Rasterman) <raster@rasterman.com>2019-10-31 12:21:59 +0000
committerCarsten Haitzler (Rasterman) <raster@rasterman.com>2019-10-31 12:31:52 +0000
commit80d317f20ebdc521d62a443a30482cf05bf89a07 (patch)
tree179b38501272eab8fb79a249bd479309ebb01d4d /src/lib/evas/common/evas_text_utils.c
parent72a5367f8dd0ceeefea3729dafedb970e47d0613 (diff)
evas - revert evas variation sequence support - out of bound accesses
This code is filled with out of bounds accesses now after the reverted patch. All those base_char+1, itr+1 etc. in evas_common_font_query_run_font_end_get() are accessing BEYOND the end of the run. textgrid shows this instantly to fall over as it uses single unicode codepoint chars with no nul terminator. As this api takes an explicit run_len we should never access beyond the end of the run_len. Please revisit this code and keep in mind proper memory/bounds accessing. If there was ano run_len and it assumed strings were regular strings that had to be nul terminated... then it might be ok, but not here. of course if i put in guards for these +1's then it ends up in infintie loops, so enough debugging and send it back for a rethink. :) .... Revert "evas_object_textblock: add support for variation sequences" This reverts commit 46f2d8acdcda3f374c9e393ecb734ff9d00fef7d.
Diffstat (limited to '')
-rw-r--r--src/lib/evas/common/evas_text_utils.c6
1 files changed, 3 insertions, 3 deletions
diff --git a/src/lib/evas/common/evas_text_utils.c b/src/lib/evas/common/evas_text_utils.c
index acf7cf8fb7..e9c5cc2c94 100644
--- a/src/lib/evas/common/evas_text_utils.c
+++ b/src/lib/evas/common/evas_text_utils.c
@@ -1066,7 +1066,7 @@ _content_create_ot(RGBA_Font_Int *fi, const Eina_Unicode *text,
1066 /* If we got a malformed index, show the replacement char instead */ 1066 /* If we got a malformed index, show the replacement char instead */
1067 if (gl_itr->index == 0) 1067 if (gl_itr->index == 0)
1068 { 1068 {
1069 gl_itr->index = evas_common_get_char_index(fi, REPLACEMENT_CHAR, 0); 1069 gl_itr->index = evas_common_get_char_index(fi, REPLACEMENT_CHAR);
1070 is_replacement = EINA_TRUE; 1070 is_replacement = EINA_TRUE;
1071 } 1071 }
1072 idx = gl_itr->index; 1072 idx = gl_itr->index;
@@ -1172,10 +1172,10 @@ _content_create_regular(RGBA_Font_Int *fi, const Eina_Unicode *text,
1172 _gl = *text; 1172 _gl = *text;
1173 if (_gl == 0) break; 1173 if (_gl == 0) break;
1174 1174
1175 idx = evas_common_get_char_index(fi, _gl, 0); 1175 idx = evas_common_get_char_index(fi, _gl);
1176 if (idx == 0) 1176 if (idx == 0)
1177 { 1177 {
1178 idx = evas_common_get_char_index(fi, REPLACEMENT_CHAR, 0); 1178 idx = evas_common_get_char_index(fi, REPLACEMENT_CHAR);
1179 } 1179 }
1180 1180
1181 fg = evas_common_font_int_cache_glyph_get(fi, idx); 1181 fg = evas_common_font_int_cache_glyph_get(fi, idx);