billiob pushed a commit to branch efl-1.8.

http://git.enlightenment.org/core/efl.git/commit/?id=0cfd1eb64a495900a8da50b6be72103afedf819e

commit 0cfd1eb64a495900a8da50b6be72103afedf819e
Author: Jean-Philippe Andre <[email protected]>
Date:   Fri Jan 24 09:44:40 2014 +0900

    evas: textgrid - fix crash in terminology with rare characters.
    
    So I have a weird crash in terminology.
    Reproduction path:
    eet -x /path/to/elm/theme/default.edj edje/images/537
    
    Scroll back in the terminal buffer, to show the entire file: CRASH.
    
    Reviewers: cedric, tasn
    
    CC: cedric, raster
    
    Differential Revision: https://phab.enlightenment.org/D468
    
    Signed-off-by: Cedric BAIL <[email protected]>
---
 src/lib/evas/canvas/evas_object_textgrid.c | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)

diff --git a/src/lib/evas/canvas/evas_object_textgrid.c 
b/src/lib/evas/canvas/evas_object_textgrid.c
index 2e0e592..a54af9a 100644
--- a/src/lib/evas/canvas/evas_object_textgrid.c
+++ b/src/lib/evas/canvas/evas_object_textgrid.c
@@ -297,14 +297,18 @@ evas_object_textgrid_textprop_ref(Evas_Object *eo_obj, 
Evas_Object_Textgrid *o,
           }
         offset--;
      }
-   if (o->master[offset].next[(codepoint & mask) >> shift] == 0)
+   if ((o->master[offset].next[(codepoint & mask) >> shift] == 0)
+       || ((o->master[offset].next[(codepoint & mask) >> shift] & 0xFFFFFF) >= 
o->glyphs_length))
      {
         Evas_Textgrid_Hash_Glyphs *tmp;
         unsigned char *tmp_used;
-        int count;
+        int count, i;
 
         /* FIXME: find empty entry */
-        count = o->glyphs_length + 1;
+        if (o->master[offset].next[(codepoint & mask) >> shift] == 0)
+          count = o->glyphs_length + 1;
+        else
+          count = (o->master[offset].next[(codepoint & mask) >> shift] & 
0xFFFFFF) + 1;
         tmp = realloc(o->glyphs, count * sizeof (Evas_Textgrid_Hash_Glyphs));
         if (!tmp) return 0xFFFFFFFF;
         o->glyphs = tmp;
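Review bot: In the new `else` branch, `count` is taken straight from the index stored in `next[]` (anything up to `0xFFFFFF + 1`), so a single stale or corrupted slot makes the following `realloc` grow `o->glyphs` to that size in one step. The second hunk then overwrites the same slot with `o->glyphs_length + 0xFF000000`, so the extra entries are not reachable through this slot, which is what the added FIXME is asking about. Unless other slots are known to need those entries, treating an out-of-range index like an empty one, with `count = o->glyphs_length + 1;` in both cases, keeps the growth bounded. The `i` added in `int count, i;` is not used in the visible lines, and the function body starts and ends outside this hunk.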
@@ -312,10 +316,11 @@ evas_object_textgrid_textprop_ref(Evas_Object *eo_obj, 
Evas_Object_Textgrid *o,
         if (!tmp_used) return 0xFFFFFFFF;
         o->glyphs_used = tmp_used;
 
+        // FIXME: What should we write when allocating more than one new entry?
         o->master[offset].next[(codepoint & mask) >> shift] = o->glyphs_length 
+ 0xFF000000;
 
-        memset(o->glyphs + o->glyphs_length, 0, sizeof 
(Evas_Textgrid_Hash_Glyphs));
-        o->glyphs_used[o->glyphs_length] = 0;
+        memset(o->glyphs + o->glyphs_length, 0, (count - o->glyphs_length) * 
sizeof (Evas_Textgrid_Hash_Glyphs));
+        memset(o->glyphs_used, 0, (count - o->glyphs_length) * 
sizeof(o->glyphs_used[0]));
         o->glyphs_length = count;
      }
 
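Review bot: The new `memset(o->glyphs_used, 0, ...)` starts at the base of the array, so it zeroes the use counts of the first `count - o->glyphs_length` existing entries and leaves the newly allocated tail uninitialised. The removed line cleared `o->glyphs_used[o->glyphs_length]`, and the `o->glyphs` memset just above still offsets by `o->glyphs_length`. The call should match it: `memset(o->glyphs_used + o->glyphs_length, 0, (count - o->glyphs_length) * sizeof(o->glyphs_used[0]));`. Zeroed counts on live entries presumably let them be treated as free while text props still reference them, which should be confirmed against the unref path. The `realloc` that produces `tmp_used` is outside this hunk.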

-- 

