Contents of /trunk/qt4/patches/qt-4.8.1-fix-buffer-overflow.patch
Revision 1771 -
Wed May 9 07:58:18 2012 UTC (12 years, 4 months ago) by niro
File size: 1976 byte(s)
-added upstream patches for qt-4.8.1
1 | From 827e5c4c689d4ecb4f8c1ab48c9a7ab712fe2ca7 Mon Sep 17 00:00:00 2001 |
2 | From: John Tapsell <john.tapsell.ext@basyskom.com> |
3 | Date: Mon, 12 Mar 2012 22:07:47 +0000 |
4 | Subject: [PATCH] Harfbuzz-thai - fix buffer overflow when setting item |
5 | attributes |
6 | |
7 | Change-Id: I19eeb4ec25a7c6cb3f584e6290169f9f327b8713 |
8 | Reviewed-by: Eskil Abrahamsen Blomfeldt <eskil.abrahamsen-blomfeldt@nokia.com> |
9 | --- |
10 | src/3rdparty/harfbuzz/src/harfbuzz-thai.c | 9 +++++- |
11 | .../qtextscriptengine/tst_qtextscriptengine.cpp | 29 ++++++++++++++++++++ |
12 | 2 files changed, 36 insertions(+), 2 deletions(-) |
13 | |
14 | diff --git a/src/3rdparty/harfbuzz/src/harfbuzz-thai.c b/src/3rdparty/harfbuzz/src/harfbuzz-thai.c |
15 | index bf6c35b..3c0ffe8 100644 |
16 | --- a/src/3rdparty/harfbuzz/src/harfbuzz-thai.c |
17 | +++ b/src/3rdparty/harfbuzz/src/harfbuzz-thai.c |
18 | @@ -263,8 +263,13 @@ static HB_Bool HB_ThaiConvertStringToGlyphIndices (HB_ShaperItem *item) |
19 | // The only glyphs that should be passed to this function that cannot be mapped to |
20 | // tis620 are the ones of type Inherited class. Pass these glyphs untouched. |
21 | glyphString[slen++] = string[i]; |
22 | - if (string[i] == 0x200D || string[i] == 0x200C) |
23 | - item->attributes[slen-1].dontPrint = true; // Hide ZWJ and ZWNJ characters |
24 | + if (string[i] == 0x200D || string[i] == 0x200C) { |
25 | + // Check that we do not run out of bounds when setting item->attributes. If we do |
26 | + // run out of bounds then this function will return false, the necessary amount of |
27 | + // memory is reallocated, and this function will then be called again. |
28 | + if (slen <= item->num_glyphs) |
29 | + item->attributes[slen-1].dontPrint = true; // Hide ZWJ and ZWNJ characters |
30 | + } |
31 | } else { |
32 | glyphString[slen++] = (HB_UChar16) thai_get_glyph_index (font_type, rglyphs[lgi]); |
33 | } |
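Review bot: The new `slen <= item->num_glyphs` guard protects only the `item->attributes[slen-1]` write; the `glyphString[slen++]` stores just above it and in the `else` branch remain unchecked within this hunk, so their safety depends on how `glyphString` is sized earlier in `HB_ThaiConvertStringToGlyphIndices`, whose body starts and ends outside the hunk. When the guard fails, the `dontPrint` flag is skipped silently, and the added comment's claim that the function then returns false and is retried after reallocation rests on a later size check that is not visible here. I would make that dependency explicit at the guard, for example `// attributes has num_glyphs entries; the size check before return must stay in place to force the retry`, and add a matching note at the `glyphString` declaration stating what bounds it. It is also worth confirming that `slen` and `item->num_glyphs` share signedness, since a signed/unsigned mix would make the comparison happen after an implicit conversion.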