diff options
author | Edward Welbourne <edward.welbourne@qt.io> | 2021-02-08 12:13:13 +0100 |
---|---|---|
committer | Edward Welbourne <edward.welbourne@qt.io> | 2021-04-16 15:49:28 +0100 |
commit | aeeaab1a5ac0b4d91c9f9b542035b8970e4c61dd (patch) | |
tree | 081791c00c9ce90c329a46c060c0e2edab36040d | |
parent | 57850f9d6d6cf2d745cdfcdecb4b55cd9088b898 (diff) | |
download | qtbase-aeeaab1a5ac0b4d91c9f9b542035b8970e4c61dd.tar.gz |
Fix handling of surrogates in QBidiAlgorithm
Prior code was naively assuming the character after a high surrogate
would necessarily be a low surrogate, which is buggy.
Fixes oss-fuzz issue 29718.
Pick-to: 6.0 6.1 5.15
Change-Id: I10f023c4b5024a0d76fea0a3672001063591ec6d
Reviewed-by: Konstantin Ritt <ritt.ks@gmail.com>
Reviewed-by: Robert Löhning <robert.loehning@qt.io>
Reviewed-by: Lars Knoll <lars.knoll@qt.io>
-rw-r--r-- | src/gui/text/qtextengine.cpp | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/src/gui/text/qtextengine.cpp b/src/gui/text/qtextengine.cpp index 675e87b322..b31b880693 100644 --- a/src/gui/text/qtextengine.cpp +++ b/src/gui/text/qtextengine.cpp @@ -1,6 +1,6 @@ /**************************************************************************** ** -** Copyright (C) 2016 The Qt Company Ltd. +** Copyright (C) 2021 The Qt Company Ltd. ** Contact: https://www.qt.io/licensing/ ** ** This file is part of the QtGui module of the Qt Toolkit. @@ -258,7 +258,7 @@ struct QBidiAlgorithm { for (int i = 0; i < length; ++i) { int pos = i; char32_t uc = text[i].unicode(); - if (QChar::isHighSurrogate(uc) && i < length - 1) { + if (QChar::isHighSurrogate(uc) && i < length - 1 && text[i + 1].isLowSurrogate()) { ++i; analysis[i].bidiDirection = QChar::DirNSM; uc = QChar::surrogateToUcs4(ushort(uc), text[i].unicode()); |