From 345c1ad26de0cab75e1127b74103248c1f647e85 Mon Sep 17 00:00:00 2001
From: Jean-Philippe Andre
Date: Fri, 24 Jan 2014 09:44:40 +0900
Subject: [PATCH] evas: textgrid - fix crash in terminology with rare characters. So I have a weird crash in terminology. Reproduction path: eet -x /path/to/elm/theme/default.edj edje/images/537 Scroll back in the terminal buffer, to show the entire file: CRASH.
Reviewers: cedric, tasn
CC: cedric, raster
Differential Revision: https://phab.enlightenment.org/D468
Signed-off-by: Cedric BAIL
---
 src/lib/evas/canvas/evas_object_textgrid.c | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)
diff --git a/src/lib/evas/canvas/evas_object_textgrid.c b/src/lib/evas/canvas/evas_object_textgrid.c
index 2e0e592d7c..a54af9ad72 100644
--- a/src/lib/evas/canvas/evas_object_textgrid.c
+++ b/src/lib/evas/canvas/evas_object_textgrid.c
@@ -297,14 +297,18 @@ evas_object_textgrid_textprop_ref(Evas_Object *eo_obj, Evas_Object_Textgrid *o,
 }
 offset--;
 }
- if (o->master[offset].next[(codepoint & mask) >> shift] == 0)
+ if ((o->master[offset].next[(codepoint & mask) >> shift] == 0)
+ || ((o->master[offset].next[(codepoint & mask) >> shift] & 0xFFFFFF) >= o->glyphs_length))
 {
 Evas_Textgrid_Hash_Glyphs *tmp;
 unsigned char *tmp_used;
- int count;
+ int count, i;
 /* FIXME: find empty entry */
- count = o->glyphs_length + 1;
+ if (o->master[offset].next[(codepoint & mask) >> shift] == 0)
+ count = o->glyphs_length + 1;
+ else
+ count = (o->master[offset].next[(codepoint & mask) >> shift] & 0xFFFFFF) + 1;
 tmp = realloc(o->glyphs, count * sizeof (Evas_Textgrid_Hash_Glyphs));
 if (!tmp) return 0xFFFFFFFF;
 o->glyphs = tmp;
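Review bot: In the new `else` branch, `count` is sized from the out-of-range index already stored in `o->master[offset].next[...]`, which after the `& 0xFFFFFF` mask can be as large as 0xFFFFFF, so a stale or corrupt entry can drive a `realloc` of up to roughly 16M `Evas_Textgrid_Hash_Glyphs` elements. The second hunk then stores `o->glyphs_length`, not that index, as the slot for the codepoint, so everything allocated past `glyphs_length + 1` appears to go unused. Keeping the widened `if` condition but using `count = o->glyphs_length + 1;` in both cases would treat the bad entry as empty without letting it choose the allocation size. The `i` added in `int count, i;` is not used in the visible lines. The function starts and ends outside the hunk, so why the table can hold an index at or beyond `glyphs_length` cannot be confirmed from here.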
@@ -312,10 +316,11 @@ evas_object_textgrid_textprop_ref(Evas_Object *eo_obj, Evas_Object_Textgrid *o,
 if (!tmp_used) return 0xFFFFFFFF;
 o->glyphs_used = tmp_used;
+ // FIXME: What should we write when allocating more than one new entry?
 o->master[offset].next[(codepoint & mask) >> shift] = o->glyphs_length + 0xFF000000;
- memset(o->glyphs + o->glyphs_length, 0, sizeof (Evas_Textgrid_Hash_Glyphs));
- o->glyphs_used[o->glyphs_length] = 0;
+ memset(o->glyphs + o->glyphs_length, 0, (count - o->glyphs_length) * sizeof (Evas_Textgrid_Hash_Glyphs));
+ memset(o->glyphs_used, 0, (count - o->glyphs_length) * sizeof(o->glyphs_used[0]));
 o->glyphs_length = count;
 }
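Review bot: The added `memset(o->glyphs_used, 0, ...)` starts at the beginning of `glyphs_used` instead of at the newly grown tail, so it clears the entries for existing glyphs `[0, count - glyphs_length)` and leaves the new entries holding whatever `realloc` returned. The removed line cleared `o->glyphs_used[o->glyphs_length]`, and the `o->glyphs` memset just above it is offset by `o->glyphs_length`; the counter array should be offset the same way: `memset(o->glyphs_used + o->glyphs_length, 0, (count - o->glyphs_length) * sizeof(o->glyphs_used[0]));`. How `glyphs_used` is consumed is outside the hunk, but if it is a per-glyph use count, zeroing it for a live glyph presumably lets that slot be released or reused while still referenced.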