diff options
author | Matthias Clasen <mclasen@redhat.com> | 2020-07-30 10:06:53 -0400 |
---|---|---|
committer | Marco Trevisan (TreviƱo) <mail@3v1n0.net> | 2021-05-05 16:38:25 +0200 |
commit | 4b93e64a4d23a6ced2dd146f10e5fb10a1000d93 (patch) | |
tree | 01418a5b2aab3258dc88fe9559c3676c2ee053df | |
parent | 8a744cd515f31daef4e9a95a751b11d777e6774e (diff) | |
download | pango-4b93e64a4d23a6ced2dd146f10e5fb10a1000d93.tar.gz |
layout: Avoid a crash with short strings
You can call pango_layout_set_text() with a length that
is longer than the string (and there's code in the wild
that does that). We try to handle it by only looking at
the initial segment of the text, but we are forgetting
to set layout->length to the length of that segment,
leading us to access beyond the string end later.
This fixes #490
(cherry-picked from commit 6e04db81)
-rw-r--r-- | pango/pango-layout.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/pango/pango-layout.c b/pango/pango-layout.c index 84dfb39f..c0939ca9 100644 --- a/pango/pango-layout.c +++ b/pango/pango-layout.c @@ -1149,6 +1149,7 @@ pango_layout_set_text (PangoLayout *layout, g_warning ("Invalid UTF-8 string passed to pango_layout_set_text()"); layout->n_chars = pango_utf8_strlen (layout->text, -1); + layout->length = strlen (layout->text); layout_changed (layout); |