On 05/30/2013 04:57 AM, Jan Arne Petersen wrote:
- if (entry->pending_commit.delete_index + length > text_length) { + if (length > text_length || + entry->pending_commit.delete_index + length > text_length) {
This is to detect wrap-around of the unsigned values, right? This is annoyingly complex to get right. Checking if delete_index > text_length as well will fix it if text_length is less than the first value with the high bit set. The real check is not much more complex but I don't want to get it wrong here...
fprintf(stderr, "Invalid length %d\n", length); entry->pending_commit.delete_length = 0;
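Review bot: the added `length > text_length` term in the new condition still leaves `entry->pending_commit.delete_index + length` able to wrap when `delete_index` itself is large, so an out-of-range index paired with a small length passes the check. If both values are unsigned, as the reply assumes, a form with no addition avoids the wrap: `delete_index > text_length || length > text_length - delete_index`. On the error path, `fprintf` prints `length` with `%d`, which would misreport large values if the type is unsigned; `%u` would match in that case.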
I think it would be better to truncate it at text_length.
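The wrap-around discussed in this reply, as an added example that is not part of the original message or the Wayland code: it compares the pre-patch check, the patched check, the patched check plus the index test, and a form with no addition, and shows one reading of "truncate at text_length". The function names, the use of `uint32_t` and the sample inputs are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumption: index, length and text_length are 32-bit unsigned values. */

/* Check before the patch: the sum can wrap past zero. */
static int invalid_original(uint32_t index, uint32_t length, uint32_t text_length)
{
    return (uint32_t)(index + length) > text_length;
}

/* Check as changed by the quoted hunk. */
static int invalid_patched(uint32_t index, uint32_t length, uint32_t text_length)
{
    return length > text_length || (uint32_t)(index + length) > text_length;
}

/* Patched check plus the index test mentioned in the reply. */
static int invalid_with_index(uint32_t index, uint32_t length, uint32_t text_length)
{
    return index > text_length || invalid_patched(index, length, text_length);
}

/* No addition: the subtraction cannot underflow once index <= text_length. */
static int invalid_safe(uint32_t index, uint32_t length, uint32_t text_length)
{
    return index > text_length || length > text_length - index;
}

/* Truncating instead of dropping the request: clamp to the end of the text. */
static uint32_t clamp_length(uint32_t index, uint32_t length, uint32_t text_length)
{
    if (index > text_length)
        return 0;
    return length > text_length - index ? text_length - index : length;
}

int main(void)
{
    /* Constructed inputs: {index, length, text_length}. */
    const uint32_t in[][3] = { {4, 6, 10}, {4, 0xFFFFFFFEu, 10}, {0xFFFFFFFEu, 4, 10},
                               {0x80000000u, 0x80000000u, 0x80000000u} };
    for (size_t i = 0; i < sizeof in / sizeof in[0]; i++) {
        uint32_t a = in[i][0], b = in[i][1], t = in[i][2];
        printf("idx=%u len=%u text=%u orig=%d patched=%d with_index=%d safe=%d clamp=%u\n",
               (unsigned)a, (unsigned)b, (unsigned)t, invalid_original(a, b, t),
               invalid_patched(a, b, t), invalid_with_index(a, b, t),
               invalid_safe(a, b, t), (unsigned)clamp_length(a, b, t));
    }
    return 0;
}
```

The last input row is the case the reply hints at: with `text_length` at the first value with the high bit set, the three-term check still accepts a range that ends past the text, while the subtraction form rejects it.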