pangofc-shape: Fix potential array overrun

If this loop adds the final feature to the features array, the start and end assignment for the next feature will drop off the end of the array. I don’t think the assignments are necessary, since num_features stores the number of elements in the array (so it doesn’t need to be terminated), and the start and end elements are assigned each time a feature is parsed. Coverity ID: 1391709 Signed-off-by: Philip Withnall <withnall@endlessm.com> https://bugzilla.gnome.org/show_bug.cgi?id=778601
author: Philip Withnall <withnall@endlessm.com> 2017-02-14 10:32:26 +0000
committer: Philip Withnall <withnall@endlessm.com> 2017-02-14 10:38:09 +0000
commit: 318fd546a0ab8ad68f65f5f81b0a6fb845141a9f (patch)
tree: 8a6c4f8fcdfc665bd6bc93ff4713cbbf9732bd25
parent: f4cbd27f4e5bf8490ea411190d41813e14f12165 (diff)
download: pango-318fd546a0ab8ad68f65f5f81b0a6fb845141a9f.tar.gz
1 files changed, 0 insertions, 4 deletions
diff --git a/pango/pangofc-shape.c b/pango/pangofc-shape.c
index 816aa8b3..6cd98184 100644
--- a/pango/pangofc-shape.c
+++ b/pango/pangofc-shape.c
@@ -393,11 +393,7 @@ _pango_fc_shape (PangoFont           *font,
 		    len = -1;
 
 		  if (hb_feature_from_string (feat, len, &features[num_features]))
-		  {
 		    num_features++;
-		    features[num_features].start = 0;
-		    features[num_features].end = -1;
-		  }
 
 		  if (end == NULL)
 		    break;
author	Philip Withnall <withnall@endlessm.com>	2017-02-14 10:32:26 +0000
committer	Philip Withnall <withnall@endlessm.com>	2017-02-14 10:38:09 +0000
commit	318fd546a0ab8ad68f65f5f81b0a6fb845141a9f (patch)
tree	8a6c4f8fcdfc665bd6bc93ff4713cbbf9732bd25
parent	f4cbd27f4e5bf8490ea411190d41813e14f12165 (diff)
download	pango-318fd546a0ab8ad68f65f5f81b0a6fb845141a9f.tar.gz