Bug 24540

Summary: arabicSyriacOpenTypeShape causes read past end of string in getArabicProperties
Product: HarfBuzz Reporter: Matt Mueller <mattm>
Component: src Assignee: Behdad Esfahbod <freedesktop>
Status: RESOLVED FIXED QA Contact:
Severity: normal    
Priority: medium CC: freedesktop
Version: unspecified   
Hardware: Other   
OS: All   
URL: http://code.google.com/p/chromium/issues/detail?id=23450
Whiteboard:
Attachments: correct the condition

Description Matt Mueller 2009-10-14 17:50:51 UTC
Created attachment 30431
correct the condition

arabicSyriacOpenTypeShape has a condition to read one char past the current item if it is not the end of the string, but it does not properly calculate the starting pos if the item is also not the first in the string.

This can be tested on a chromium checkout by running:
tools/valgrind/valgrind_webkit_tests.sh --debug LayoutTests/fast/text/drawBidiText.html

The string is "ﺎﻠﻠﻏﺓ ﺎﻠﻋﺮﺒﻳﺓ"


Patch attached. I was gonna try adding a test but couldn't figure out how to get the harfbuzz tests running (did a git clone, ran autogen, make didn't build the tests and running make in the test dir does nothing either).
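
Added illustration of the bounds calculation the report above describes; this is not HarfBuzz code and not the attached patch. The struct and function names are hypothetical, the "flawed" variant is a constructed instance of this class of error, and the sample run is constructed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical types, not HarfBuzz's: a run [pos, pos+length) inside a
 * string of string_len code units, and the span handed to the routine
 * that needs one neighbouring unit on each side for joining context. */
struct run    { size_t pos, length, string_len; };
struct window { size_t start, length; };

/* Constructed flawed variant: the length grows for the unit before the
 * run, but start is never moved back, so the span slides one to the right. */
static struct window window_flawed(struct run r)
{
    struct window w = { r.pos, r.length };
    if (r.pos + r.length < r.string_len) w.length++;  /* look-ahead  */
    if (r.pos > 0)                       w.length++;  /* look-behind */
    return w;
}

/* Start and length are adjusted together, both in string coordinates. */
static struct window window_checked(struct run r)
{
    struct window w = { r.pos, r.length };
    if (r.pos > 0) { w.start--; w.length++; }
    if (r.pos + r.length < r.string_len) w.length++;
    return w;
}

/* Overflow-safe test that [start, start+length) lies inside the string. */
static bool in_bounds(struct window w, size_t string_len)
{
    return w.start <= string_len && w.length <= string_len - w.start;
}

int main(void)
{
    /* Constructed sample: 13 code units, run covers units 6..11. */
    struct run r = { 6, 6, 13 };
    struct window a = window_flawed(r), b = window_checked(r);
    printf("flawed : start=%zu len=%zu in_bounds=%d\n", a.start, a.length, in_bounds(a, r.string_len));
    printf("checked: start=%zu len=%zu in_bounds=%d\n", b.start, b.length, in_bounds(b, r.string_len));
    return 0;
}
```

The flawed span only goes out of bounds for a run that is not first in the string, which is why a test that shapes a single leading run never trips it.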
Comment 1 Behdad Esfahbod 2009-10-15 15:19:39 UTC
Fixed. Thanks.
