Commit 490f8979 authored by Matthias Clasen's avatar Matthias Clasen
Browse files

bidi: Be safer against bad input

Don't run off the end of an array that we
allocated to certain length.

Closes: #342
parent fc5dc3e3
Pipeline #94359 passed with stage
in 2 minutes and 21 seconds
......@@ -181,8 +181,11 @@ pango_log2vis_get_embedding_levels (const gchar *text,
for (i = 0, p = text; p < text + length; p = g_utf8_next_char(p), i++)
gunichar ch = g_utf8_get_char (p);
FriBidiCharType char_type;
char_type = fribidi_get_bidi_type (ch);
FriBidiCharType char_type = fribidi_get_bidi_type (ch);
if (i == n_chars)
bidi_types[i] = char_type;
ored_types |= char_type;
if (FRIBIDI_IS_STRONG (char_type))
  • Is there any ways to reproduce that in old versions of pango, such as: 1.40.14 or 1.38.1. I saw that those version has not the loop for part, but I'm not sure if they can be affected since I could not find the issue session or the bug report with any reproduction step.


  • The linked issue report #342 (closed) is marked as confidential, so only members of the GNOME group can access it at the moment.

  • Linked issue report is now unembargoed.

  • mentioned in issue #342 (closed)

    Toggle commit list
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment