author | Matthias Clasen <mclasen@redhat.com> | 2020-06-22 08:15:35 -0400 |
---|---|---|
committer | Matthias Clasen <mclasen@redhat.com> | 2020-06-22 08:15:35 -0400 |
commit | 01d35fa30ac1b63e5b6c13a663def2efa1a6dcd8 (patch) | |
tree | f5a5fc5ba01f2a7cc18e57ddf7663393da97894d /pango/pango-attributes.c | |
parent | 2a44077091bfe8680a12194d79f90e0443a06ad8 (diff) | |
Fix crashes with empty attribute lists
There were a few cases left where empty attribute
lists could lead to crashes. This was observed causing
crashes in gnumeric.
Testcases included.
Diffstat (limited to 'pango/pango-attributes.c')
-rw-r--r-- | pango/pango-attributes.c | 106 |
1 files changed, 54 insertions, 52 deletions
diff --git a/pango/pango-attributes.c b/pango/pango-attributes.c
index 37443346..218ffade 100644
--- a/pango/pango-attributes.c
+++ b/pango/pango-attributes.c
@@ -1697,40 +1697,41 @@ pango_attr_list_update (PangoAttrList *list,
 {
 guint i, p;
 
- for (i = 0, p = list->attributes->len; i < p; i++)
- {
- PangoAttribute *attr = g_ptr_array_index (list->attributes, i);
-
- if (attr->start_index >= pos &&
- attr->end_index < pos + remove)
- {
- pango_attribute_destroy (attr);
- g_ptr_array_remove_index (list->attributes, i);
- i--; /* Look at this index again */
- p--;
- continue;
- }
-
- if (attr->start_index >= pos &&
- attr->start_index < pos + remove)
- {
- attr->start_index = pos + add;
- }
- else if (attr->start_index >= pos + remove)
- {
- attr->start_index += add - remove;
- }
+ if (list->attributes)
+ for (i = 0, p = list->attributes->len; i < p; i++)
+ {
+ PangoAttribute *attr = g_ptr_array_index (list->attributes, i);
 
- if (attr->end_index >= pos &&
+ if (attr->start_index >= pos &&
 attr->end_index < pos + remove)
- {
- attr->end_index = pos;
- }
- else if (attr->end_index >= pos + remove)
- {
- attr->end_index += add - remove;
- }
- }
+ {
+ pango_attribute_destroy (attr);
+ g_ptr_array_remove_index (list->attributes, i);
+ i--; /* Look at this index again */
+ p--;
+ continue;
+ }
+
+ if (attr->start_index >= pos &&
+ attr->start_index < pos + remove)
+ {
+ attr->start_index = pos + add;
+ }
+ else if (attr->start_index >= pos + remove)
+ {
+ attr->start_index += add - remove;
+ }
+
+ if (attr->end_index >= pos &&
+ attr->end_index < pos + remove)
+ {
+ attr->end_index = pos;
+ }
+ else if (attr->end_index >= pos + remove)
+ {
+ attr->end_index += add - remove;
+ }
+ }
 }
 
 /**
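Review bot: The index arithmetic that the new `if (list->attributes)` guard wraps is still unsaturated: `attr->start_index += add - remove;` and `attr->end_index += add - remove;` shift every index at or beyond `pos + remove`, so an attribute left open-ended with `PANGO_ATTR_INDEX_TO_TEXT_END` (G_MAXUINT) would appear to wrap to an unrelated offset whenever `add` and `remove` differ. The splice hunk further down saturates the same kind of addition with `CLAMP_ADD`, so the two paths disagree on how the sentinel is treated. I would skip the sentinel before adjusting, for example `else if (attr->end_index != PANGO_ATTR_INDEX_TO_TEXT_END && attr->end_index >= pos + remove)`, and add a test with an open-ended attribute. The declarations of `pos`, `remove` and `add` are outside the hunk, so the signed/unsigned behaviour of these comparisons should be confirmed against the full signature.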
@@ -1775,26 +1776,27 @@ pango_attr_list_splice (PangoAttrList *list,
 */
 #define CLAMP_ADD(a,b) (((a) + (b) < (a)) ? G_MAXUINT : (a) + (b))
 
- for (i = 0, p = list->attributes->len; i < p; i++)
- {
- PangoAttribute *attr = g_ptr_array_index (list->attributes, i);;
-
- if (attr->start_index <= upos)
- {
- if (attr->end_index > upos)
- attr->end_index = CLAMP_ADD (attr->end_index, ulen);
- }
- else
- {
- /* This could result in a zero length attribute if it
- * gets squashed up against G_MAXUINT, but deleting such
- * an element could (in theory) suprise the caller, so
- * we don't delete it.
- */
- attr->start_index = CLAMP_ADD (attr->start_index, ulen);
- attr->end_index = CLAMP_ADD (attr->end_index, ulen);
- }
- }
+ if (list->attributes)
+ for (i = 0, p = list->attributes->len; i < p; i++)
+ {
+ PangoAttribute *attr = g_ptr_array_index (list->attributes, i);;
+
+ if (attr->start_index <= upos)
+ {
+ if (attr->end_index > upos)
+ attr->end_index = CLAMP_ADD (attr->end_index, ulen);
+ }
+ else
+ {
+ /* This could result in a zero length attribute if it
+ * gets squashed up against G_MAXUINT, but deleting such
+ * an element could (in theory) suprise the caller, so
+ * we don't delete it.
+ */
+ attr->start_index = CLAMP_ADD (attr->start_index, ulen);
+ attr->end_index = CLAMP_ADD (attr->end_index, ulen);
+ }
+ }
 
 if (!other->attributes || other->attributes->len == 0)
 return;
|
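Review bot: The added line `PangoAttribute *attr = g_ptr_array_index (list->attributes, i);;` carries over the doubled semicolon from the old code; since the line is rewritten anyway it could end in a single `;`. The new `if (list->attributes)` also governs a twenty-line `for` without braces of its own, which makes it easy for a later edit to attach a statement at the wrong level of a NULL check; writing it as `if (list->attributes) { ... }` would make the guarded scope explicit. The rest of pango_attr_list_splice after the `return;` is outside the hunk, so whether the code that follows needs the same guard cannot be judged from here.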