[Fribidi-discuss] Out-of-bounds read in run_length_encode_types
Owen Taylor
otaylor at redhat.com
Tue Dec 4 09:35:02 EST 2001
http://bugzilla.gnome.org/show_bug.cgi?id=66067; I checked and
the same problem occurs in CVS HEAD.
Regards,
Owen
====
This is occurring while in:
run_length_encode_types [mini-fribidifribidi.c:153]
current.pos = -1;
for (i = 0; i <= type_len; i++)
{
=> if (char_type[i] != current.type || i == type_len)
{
if (current.pos >= 0)
{
fribidi_analyse_string [mini-fribidifribidi.c:594]
pango_log2vis_get_embedding_levels [mini-fribidifribidi.c:1081]
pango_itemize [pangopango-context.c:406]
pango_layout_check_lines [pangopango-layout.c:2905]
pango_layout_get_extents_internal [pangopango-layout.c:1878]
A fix is to test i == type_len first.
if (i == type_len || char_type[i] != current.type)
More information about the FriBidi
mailing list