From 797949633a09d185524ef0dd654d1e6ed048f560 Mon Sep 17 00:00:00 2001 From: Carsten Haitzler Date: Wed, 25 Apr 2012 08:34:06 +0000 Subject: [PATCH] patch up another out-of-bound text problem in textblock. SVN revision: 70459 --- legacy/evas/src/lib/canvas/evas_object_textblock.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/legacy/evas/src/lib/canvas/evas_object_textblock.c b/legacy/evas/src/lib/canvas/evas_object_textblock.c index 1c171c99c2..ee1b105656 100644 --- a/legacy/evas/src/lib/canvas/evas_object_textblock.c +++ b/legacy/evas/src/lib/canvas/evas_object_textblock.c @@ -5196,6 +5196,7 @@ evas_object_textblock_text_markup_get(const Evas_Object *obj) Evas_Object_Textblock_Node_Format *fnode; Eina_Unicode *text_base, *text; int off; + size_t len; /* For each text node to thorugh all of it's format nodes * append text from the start to the offset of the next format @@ -5203,15 +5204,17 @@ evas_object_textblock_text_markup_get(const Evas_Object *obj) * this is the core algorithm of the layout mechanism. * Skip the unicode replacement chars when there are because * we don't want to print them. */ + len = eina_ustrbuf_length_get(n->unicode); text_base = text = - eina_unicode_strndup(eina_ustrbuf_string_get(n->unicode), - eina_ustrbuf_length_get(n->unicode)); + eina_unicode_strndup(eina_ustrbuf_string_get(n->unicode), len); fnode = n->format_node; off = 0; while (fnode && (fnode->text_node == n)) { Eina_Unicode tmp_ch; off += fnode->offset; + + if (off > len) break; /* No need to skip on the first run */ tmp_ch = text[off]; text[off] = 0; /* Null terminate the part of the string */