layout: Avoid a crash with short strings

You can call pango_layout_set_text() with a length that is longer than the string (and there's code in the wild that does that). We try to handle it by only looking at the initial segment of the text, but we are forgetting to set layout->length to the length of that segment, leading us to access beyond the string end later. This fixes #490
author: Matthias Clasen <mclasen@redhat.com> 2020-07-30 10:06:53 -0400
committer: Matthias Clasen <mclasen@redhat.com> 2020-07-30 10:09:27 -0400
commit: 6e04db81b9dc5913607bd97e1000d59c6ed0c496 (patch)
tree: 6337ee1855972b6cacaff161f56c7786e5a70502
parent: 226d1a898a73de3a0fc09247c83dceac7b5c8786 (diff)
download: pango-6e04db81b9dc5913607bd97e1000d59c6ed0c496.tar.gz
1 files changed, 1 insertions, 0 deletions
diff --git a/pango/pango-layout.c b/pango/pango-layout.c
index b07c8487..92d858b2 100644
--- a/pango/pango-layout.c
+++ b/pango/pango-layout.c
@@ -1173,6 +1173,7 @@ pango_layout_set_text (PangoLayout *layout,
     g_warning ("Invalid UTF-8 string passed to pango_layout_set_text()");
 
   layout->n_chars = pango_utf8_strlen (layout->text, -1);
+  layout->length = strlen (layout->text);
 
   layout_changed (layout);
author	Matthias Clasen <mclasen@redhat.com>	2020-07-30 10:06:53 -0400
committer	Matthias Clasen <mclasen@redhat.com>	2020-07-30 10:09:27 -0400
commit	6e04db81b9dc5913607bd97e1000d59c6ed0c496 (patch)
tree	6337ee1855972b6cacaff161f56c7786e5a70502
parent	226d1a898a73de3a0fc09247c83dceac7b5c8786 (diff)
download	pango-6e04db81b9dc5913607bd97e1000d59c6ed0c496.tar.gz