10 Sep, 2020 1 commit
      Let get_items_log_attrs take the start-of-text offset into account · 42e1738b
      stbergmann authored
      ...when interpreting item->offset values.
      
      I ran into this when executing tests of recent LibreOffice master with ASan on
      Fedora 32 (with pango-1.44.7-2.fc32.x86_64), where one of the tests renders
      various dialogs with a Tamil localization and failed with
      
      > ==97247==ERROR: AddressSanitizer: SEGV on unknown address 0x60b000210006 (pc 0x7fd6c5b22b54 bp 0x61d0004b4150 sp 0x7fff107a0d18 T0)
      > ==97247==The signal is caused by a READ memory access.
      >  #0 in g_utf8_get_char at ../glib/gutf8.c:319:37 (/lib64/libglib-2.0.so.0 +0x85b54)
      >  #1 in break_indic at ../pango/break-indic.c:119:17 (/lib64/libpango-1.0.so.0 +0x1076d)
      >  #2 in break_script at ../pango/break.c:1896:7 (/lib64/libpango-1.0.so.0 +0x1076d)
      >  #3 in tailor_break at ../pango/break.c:1606:9 (/lib64/libpango-1.0.so.0 +0x147db)
      >  #4 in pango_tailor_break at ../pango/break.c:1774:7 (/lib64/libpango-1.0.so.0 +0x147db)
      >  #5 in get_items_log_attrs at ../pango/pango-layout.c:4032:7 (/lib64/libpango-1.0.so.0 +0x2729c)
      >  #6 in pango_layout_check_lines at ../pango/pango-layout.c:4289:7 (/lib64/libpango-1.0.so.0 +0x2729c)
      >  #7 in pango_layout_get_extents_internal at ../pango/pango-layout.c:2623:3 (/lib64/libpango-1.0.so.0 +0x29068)
      >  #8 in gtk_label_get_measuring_layout at /usr/src/debug/gtk3-3.24.22-1.fc32.x86_64/gtk/gtklabel.c:3376:3 (/lib64/libgtk-3.so.0 +0x2454d0)
      [...]
      
      From some debugging, it smells like `pango_layout_check_lines` calls
      `pango_itemize_with_base_dir` to compute `state.items` that are relative to the
      beginning of `layout->text`, but then passes `state.items` together with the
      offset'ed `start` into `get_items_log_attrs`, so that the latter misinterpreted
      the items' locations relative to the offset'ed start.
      
      Just adding
      
            g_assert (item->offset <= length);
            g_assert (item->length <= length - item->offset);
      
      to the original `get_items_log_attrs` would make various tests in the `meson
      test` suite fail, but which pass again with the complete fix, matching the above
      speculation.
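As an added illustration (constructed here, not pango's code), a small C model of the mismatch the commit message describes: items carry byte offsets relative to the start of the whole text, while the log-attrs routine only sees the window beginning at `start`, so the offset must be translated before use or the read runs past the window. The `Item` struct, the 20-byte window and the two items are assumptions for the demonstration.

```c
#include <assert.h>
#include <stdio.h>

/* Constructed model, not pango's code. An Item records a run of the layout
 * text by byte offset (relative to the START of the whole text, as the
 * itemizer produces it) and byte length. */
typedef struct { int offset; int length; } Item;

/* The log-attrs routine only sees the window [start, start + length).
 * 'translate' selects the fixed behaviour (subtract start) or the buggy one
 * (use item->offset as if it were window-relative). Returns how many bytes
 * of the run would be read beyond the window; 0 means a safe read. */
int bytes_past_window(const Item *item, int start, int length, int translate)
{
    int rel = translate ? item->offset - start : item->offset;
    int end = rel + item->length;
    return end > length ? end - length : 0;
}

/* Window-relative form of the two g_assert()s quoted in the commit message,
 * applied after translating the offset. Returns 1 if the item fits. */
int item_fits_window(const Item *item, int start, int length)
{
    int rel = item->offset - start;
    return rel >= 0 && rel <= length && item->length <= length - rel;
}

/* Worst overrun over a paragraph's items in a constructed two-paragraph
 * layout: paragraph 2 starts at byte 20 of the text and is 20 bytes long. */
int worst_overrun(int translate)
{
    const int start = 20, length = 20;
    const Item items[] = { { 20, 10 }, { 30, 10 } };  /* whole-text offsets */
    int worst = 0;
    for (unsigned i = 0; i < sizeof items / sizeof items[0]; i++) {
        int n = bytes_past_window(&items[i], start, length, translate);
        if (n > worst) worst = n;
    }
    return worst;
}

int main(void)
{
    printf("buggy: %d bytes past window\n", worst_overrun(0));  /* 20 */
    printf("fixed: %d bytes past window\n", worst_overrun(1));  /* 0 */
    return 0;
}
```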