Bug 24540 - arabicSyriacOpenTypeShape causes read past end of string in getArabicProperties
Status: RESOLVED FIXED
Alias: None
Product: HarfBuzz
Classification: Unclassified
Component: src
Version: unspecified
Hardware: Other All
Importance: medium normal
Assignee: Behdad Esfahbod
URL: http://code.google.com/p/chromium/iss...
Reported: 2009-10-14 17:50 UTC by Matt Mueller
Modified: 2009-10-15 15:19 UTC


Attachments
correct the condition (531 bytes, patch)
2009-10-14 17:50 UTC, Matt Mueller

Description Matt Mueller 2009-10-14 17:50:51 UTC
Created attachment 30431
correct the condition

arabicSyriacOpenTypeShape has a condition to read one char past the current item if it is not the end of the string, but it does not properly calculate the starting pos if the item is also not the first in the string.

This can be tested on a chromium checkout by running:
tools/valgrind/valgrind_webkit_tests.sh --debug LayoutTests/fast/text/drawBidiText.html

The string is "ﺎﻠﻠﻏﺓ ﺎﻠﻋﺮﺒﻳﺓ"


Patch attached. I was gonna try adding a test but couldn't figure out how to get the harfbuzz tests running (did a git clone, ran autogen, make didn't build the tests and running make in the test dir does nothing either.)
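
The bounds condition described in the report above, as an added example in C that is neither HarfBuzz code nor the attached patch: a simplified model of the "one char past the item" check, where the structs, function names and sample offsets are all assumptions made for illustration.

```c
#include <stdio.h>

/* Hypothetical model, not HarfBuzz source: an item is the run
 * [pos, pos + len) inside a string of str_len code units. */
struct item { long pos, len, str_len; };

/* Absolute half-open range [start, end) of code units that get read. */
struct window { long start, end; };

static struct window make_window(struct item it, int add_pos)
{
    long f = 0;        /* first unit to read, relative to it.pos */
    long l = it.len;   /* number of units to read */
    long item_end;

    if (it.pos > 0) {  /* one unit of leading context */
        --f;
        ++l;
    }
    /* f + l is the item's end relative to it.pos; str_len is absolute,
     * so the comparison is only meaningful once it.pos is added. */
    item_end = f + l + (add_pos ? it.pos : 0);
    if (item_end < it.str_len)
        ++l;           /* one unit of trailing context */

    struct window w = { it.pos + f, it.pos + f + l };
    return w;
}

/* Flawed check: relative offset compared with the absolute length. */
static struct window window_flawed(struct item it) { return make_window(it, 0); }

/* Corrected check: item start added before the comparison. */
static struct window window_checked(struct item it) { return make_window(it, 1); }

/* How many units the window reaches past the end of the string. */
static long overread(struct window w, struct item it)
{
    return w.end > it.str_len ? w.end - it.str_len : 0;
}

int main(void)
{
    struct item tail = { 6, 7, 13 };  /* constructed: last item, not first */
    printf("flawed overread:  %ld\n", overread(window_flawed(tail), tail));
    printf("checked overread: %ld\n", overread(window_checked(tail), tail));
    return 0;
}
```

For an item that starts at position 0 the two checks agree, which is why the over-read only appears when the item is both last and not first in the string.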
Comment 1 Behdad Esfahbod 2009-10-15 15:19:39 UTC
Fixed. Thanks.

