layout: Avoid a crash with short strings

You can call pango_layout_set_text() with a length that is longer than the string (and there's code in the wild that does that). We try to handle it by only looking at the initial segment of the text, but we are forgetting to set layout->length to the length of that segment, leading us to access beyond the string end later. This fixes #490 (cherry-picked from commit 6e04db81)
author: Matthias Clasen <mclasen@redhat.com> 2020-07-30 10:06:53 -0400
committer: Marco Trevisan (Treviño) <mail@3v1n0.net> 2021-05-05 16:38:25 +0200
commit: 4b93e64a4d23a6ced2dd146f10e5fb10a1000d93 (patch)
tree: 01418a5b2aab3258dc88fe9559c3676c2ee053df
parent: 8a744cd515f31daef4e9a95a751b11d777e6774e (diff)
download: pango-4b93e64a4d23a6ced2dd146f10e5fb10a1000d93.tar.gz
1 files changed, 1 insertions, 0 deletions
diff --git a/pango/pango-layout.c b/pango/pango-layout.c
index 84dfb39f..c0939ca9 100644
--- a/pango/pango-layout.c
+++ b/pango/pango-layout.c
@@ -1149,6 +1149,7 @@ pango_layout_set_text (PangoLayout *layout,
     g_warning ("Invalid UTF-8 string passed to pango_layout_set_text()");
 
   layout->n_chars = pango_utf8_strlen (layout->text, -1);
+  layout->length = strlen (layout->text);
 
   layout_changed (layout);
author	Matthias Clasen <mclasen@redhat.com>	2020-07-30 10:06:53 -0400
committer	Marco Trevisan (Treviño) <mail@3v1n0.net>	2021-05-05 16:38:25 +0200
commit	4b93e64a4d23a6ced2dd146f10e5fb10a1000d93 (patch)
tree	01418a5b2aab3258dc88fe9559c3676c2ee053df
parent	8a744cd515f31daef4e9a95a751b11d777e6774e (diff)
download	pango-4b93e64a4d23a6ced2dd146f10e5fb10a1000d93.tar.gz