[PATCH:libXft 2/2] XftGlyphFontSpecCore: check to make sure glyphs are in range
Alan Coopersmith
alan.coopersmith at oracle.com
Wed Feb 2 22:22:18 PST 2011
From: Derek Wang <Derek.Wang at sun.com>
This fixes a crash reported when selecting "View Page Source" in Mozilla
on Solaris 10, due to invalid parameters being given to XPutImage.
http://bugs.opensolaris.org/bugdatabase/view_bug.do?bug_id=6261221
Signed-off-by: Alan Coopersmith <alan.coopersmith at oracle.com>
---
I can't claim to understand this patch, but it's been shipping in Solaris
libXft for 5 years, so it's a bit overdue to attempt pushing it upstream.
(Unfortunately, that's also almost how long it's been since the original
author left Sun.)
Given the timeframe & hardware on which it was reported, I suspect it
affects the libXft fallback path to use libX11 when the Render extension
is not available, but have not confirmed that.
src/xftcore.c | 10 ++++++++++
1 files changed, 10 insertions(+), 0 deletions(-)
diff --git a/src/xftcore.c b/src/xftcore.c
index 3f87109..a0103cf 100644
--- a/src/xftcore.c
+++ b/src/xftcore.c
@@ -1253,7 +1253,17 @@ XftGlyphFontSpecCore (XftDraw *draw,
if (i)
{
if (g_x1 < x1)
+ {
+ if (g_x1 < 0)
+ {
+ /* do nothing if the given glyphs are out of range */
+ short t = glyphs[i-1].font->max_advance_width
+ + glyphs[i-1].x;
+ if (t < 0 && glyphs[i-1].x > 0)
+ goto bail1;
+ }
x1 = g_x1;
+ }
if (g_y1 < y1)
y1 = g_y1;
if (g_x2 > x2)
--
1.7.3.2
More information about the xorg-devel
mailing list