diff options
Diffstat (limited to 'extra/qt/fix-buffer-overflow.patch')
| -rw-r--r-- | extra/qt/fix-buffer-overflow.patch | 34 |
1 files changed, 34 insertions, 0 deletions
diff --git a/extra/qt/fix-buffer-overflow.patch b/extra/qt/fix-buffer-overflow.patch new file mode 100644 index 000000000..f0334f247 --- /dev/null +++ b/extra/qt/fix-buffer-overflow.patch @@ -0,0 +1,34 @@ +From 827e5c4c689d4ecb4f8c1ab48c9a7ab712fe2ca7 Mon Sep 17 00:00:00 2001 +From: John Tapsell <john.tapsell.ext@basyskom.com> +Date: Mon, 12 Mar 2012 22:07:47 +0000 +Subject: [PATCH] Harfbuzz-thai - fix buffer overflow when setting item + attributes + +Change-Id: I19eeb4ec25a7c6cb3f584e6290169f9f327b8713 +Reviewed-by: Eskil Abrahamsen Blomfeldt <eskil.abrahamsen-blomfeldt@nokia.com> +--- + src/3rdparty/harfbuzz/src/harfbuzz-thai.c | 9 +++++- + .../qtextscriptengine/tst_qtextscriptengine.cpp | 29 ++++++++++++++++++++ + 2 files changed, 36 insertions(+), 2 deletions(-) + +diff --git a/src/3rdparty/harfbuzz/src/harfbuzz-thai.c b/src/3rdparty/harfbuzz/src/harfbuzz-thai.c +index bf6c35b..3c0ffe8 100644 +--- a/src/3rdparty/harfbuzz/src/harfbuzz-thai.c ++++ b/src/3rdparty/harfbuzz/src/harfbuzz-thai.c +@@ -263,8 +263,13 @@ static HB_Bool HB_ThaiConvertStringToGlyphIndices (HB_ShaperItem *item) + // The only glyphs that should be passed to this function that cannot be mapped to + // tis620 are the ones of type Inherited class. Pass these glyphs untouched. + glyphString[slen++] = string[i]; +- if (string[i] == 0x200D || string[i] == 0x200C) +- item->attributes[slen-1].dontPrint = true; // Hide ZWJ and ZWNJ characters ++ if (string[i] == 0x200D || string[i] == 0x200C) { ++ // Check that we do not run out of bounds when setting item->attributes. If we do ++ // run out of bounds then this function will return false, the necessary amount of ++ // memory is reallocated, and this function will then be called again. ++ if (slen <= item->num_glyphs) ++ item->attributes[slen-1].dontPrint = true; // Hide ZWJ and ZWNJ characters ++ } + } else { + glyphString[slen++] = (HB_UChar16) thai_get_glyph_index (font_type, rglyphs[lgi]); + } + |