From 3c35748acccf246e77e3f4279367e51aea5d5b26 Mon Sep 17 00:00:00 2001
From: Matthias Clasen <mclasen@redhat.com>
Date: Fri, 30 Jul 2021 09:05:22 -0400
Subject: bidi: Don't blow the stack

Limit stack allocation to a reasonable size, so things
don't blow up when somebody hands us a ridiculous-size
paragraph.
---
 pango/pango-bidi-type.c | 23 +++++++++++++++++++++--
 1 file changed, 21 insertions(+), 2 deletions(-)

diff --git a/pango/pango-bidi-type.c b/pango/pango-bidi-type.c
index 8d4fb852..4975bfd7 100644
--- a/pango/pango-bidi-type.c
+++ b/pango/pango-bidi-type.c
@@ -177,10 +177,21 @@ log2vis_get_embedding_levels (const gchar    *text,
   g_assert (length >= 0);
   g_assert (n_chars >= 0);
 
-  bidi_types = g_alloca (sizeof (FriBidiCharType) * n_chars);
+  if (n_chars < 4096)
+    {
+      bidi_types = g_alloca (sizeof (FriBidiCharType) * n_chars);
+#ifdef USE_FRIBIDI_EX_API
+      bracket_types = g_alloca (sizeof (FriBidiBracketType) * n_chars);
+#endif
+    }
+  else
+    {
+      g_print ("n_chars is %d\n", n_chars);
+      bidi_types = g_new (FriBidiCharType, n_chars);
 #ifdef USE_FRIBIDI_EX_API
-  bracket_types = g_alloca (sizeof (FriBidiBracketType) * n_chars);
+      bracket_types = g_new (FriBidiBracketType, n_chars);
 #endif
+    }
 
   for (i = 0, p = text; p < text + length; p = g_utf8_next_char (p), i++)
     {
@@ -272,6 +283,14 @@ log2vis_get_embedding_levels (const gchar    *text,
 
 resolved:
 
+  if (n_chars >= 4096)
+    {
+      g_free (bidi_types);
+#ifdef USE_FRIBIDI_EX_API
+      g_free (bracket_types);
+#endif
+    }
+
   *pbase_dir = (fribidi_base_dir == FRIBIDI_PAR_LTR) ?  PANGO_DIRECTION_LTR : PANGO_DIRECTION_RTL;
 }
 
-- 
cgit v1.2.1