Bug 37221

Created attachment 46738 [details]
fribidi invalid read sample code

If the charset of the input is incorrectly set, FriBiDi reads more than it should:

valgrind ./a.out
==12488== Memcheck, a memory error detector
==12488== Copyright (C) 2002-2010, and GNU GPL'd, by Julian Seward et al.
==12488== Using Valgrind-3.6.1 and LibVEX; rerun with -h for copyright info
==12488== Command: ./a.out
==12488== 
==12488== Invalid read of size 1
==12488==    at 0x4E30408: fribidi_utf8_to_unicode (in /usr/lib/libfribidi.so.0.3.1)
==12488==    by 0x4005CC: main (in /tmp/a.out)
==12488==  Address 0x539e042 is 0 bytes after a block of size 2 alloc'd
==12488==    at 0x4C2541D: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==12488==    by 0x50BC2A1: strdup (in /lib/libc-2.13.so)
==12488==    by 0x4005A8: main (in /tmp/a.out)
==12488== 
==12488== 
==12488== HEAP SUMMARY:
==12488==     in use at exit: 2 bytes in 1 blocks
==12488==   total heap usage: 1 allocs, 0 frees, 2 bytes allocated
==12488== 
==12488== LEAK SUMMARY:
==12488==    definitely lost: 2 bytes in 1 blocks
==12488==    indirectly lost: 0 bytes in 0 blocks
==12488==      possibly lost: 0 bytes in 0 blocks
==12488==    still reachable: 0 bytes in 0 blocks
==12488==         suppressed: 0 bytes in 0 blocks
==12488== Rerun with --leak-check=full to see details of leaked memory
==12488== 
==12488== For counts of detected and suppressed errors, rerun with: -v
==12488== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 7 from 7)

FriBiDi version is 0.19.2.