bug#51105: 29.0.50; Buffer overflow bug in ns_compute_glyph_string_overh
From: Daniel Martín
Subject: bug#51105: 29.0.50; Buffer overflow bug in ns_compute_glyph_string_overhangs
Date: Sat, 09 Oct 2021 21:35:22 +0200
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/27.2 (darwin)
Alan Third <alan@idiocy.org> writes:
> On Sat, Oct 09, 2021 at 02:43:18PM +0300, Eli Zaretskii wrote:
>> > From: Daniel Martín <mardani29@yahoo.es>
>> > Cc: 51105@debbugs.gnu.org
>> > Date: Sat, 09 Oct 2021 12:06:36 +0200
>> >
>> > Now I think that the right thing to do may be to modify nsterm.m, switch
>> > on the glyph type and, if the glyph type is COMPOSITE_GLYPH, call
>> > composition_gstring_width to get the glyph metrics. Function
>> > composition_gstring_width uses the values from fields s->cmp_from and
>> > s->cmp_to, and would avoid the buffer overflow:
>> >
>> > (lldb) fr v s->cmp_from
>> > (int) s->cmp_from = 6
>> > (lldb) fr v s->cmp_to
>> > (int) s->cmp_to = 7
>> >
>> > WDYT? I can prepare a patch of this type if you agree.
>>
>> SGTM, but I'd like to hear Alan's opinion as well, as I don't feel I
>> know enough about the NS display backend.
>
> I don't know much about this part of the code, but it sounds good to
> me too.
A reduced test case to reproduce the problem is to paste "العربية" in the
*scratch* buffer.
I've attached a patch that fixes the issue.
0001-Fix-buffer-overflow-in-ns_compute_glyph_string_overh.patch
Let me know if you like it and please install it on my behalf if so.
Thanks.
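The dispatch Daniel proposes in the quoted text (branch on the glyph type, and measure a composite glyph over cmp_from..cmp_to instead of the character count), shown as an added C model that is neither Emacs code nor the attached patch. The structs, span_metrics and the sample gstring are constructed stand-ins; only the field and function names echo the message, and the range check stands in for the one composition_gstring_width is relied on to perform.

```c
#include <stdbool.h>
#include <stddef.h>
enum glyph_type { CHAR_GLYPH, COMPOSITE_GLYPH };
struct font_metrics { int width, lbearing, rbearing; };
struct gstring { int glyph_len; const struct font_metrics *glyphs; };
struct glyph_string {                      /* constructed model, not Emacs' struct */
  enum glyph_type type;
  const struct font_metrics *chars; int nchars;     /* CHAR_GLYPH path */
  const struct gstring *cmp; int cmp_from, cmp_to;  /* COMPOSITE_GLYPH path */
  int left_overhang, right_overhang;
};
/* Metrics of glyphs [from, to) of an array of length len.  The range is
   checked first, so a bad range fails instead of reading past the array. */
static bool span_metrics (const struct font_metrics *g, int len,
                          int from, int to, struct font_metrics *m)
{
  if (g == NULL || from < 0 || to > len || from >= to) return false;
  m->width = 0; m->lbearing = g[from].lbearing; m->rbearing = g[from].rbearing;
  for (int i = from; i < to; i++) {
    int l = m->width + g[i].lbearing, r = m->width + g[i].rbearing;
    if (l < m->lbearing) m->lbearing = l;   /* leftmost ink so far */
    if (r > m->rbearing) m->rbearing = r;   /* rightmost ink so far */
    m->width += g[i].width;                 /* advance to the next glyph */
  }
  return true;
}
/* The dispatch proposed in the thread: pick the metric source by glyph type.
   Composite glyphs are measured over cmp_from/cmp_to, the range that
   composition_gstring_width takes, never over nchars. */
static bool compute_overhangs (struct glyph_string *s)
{
  struct font_metrics m; bool ok = false;
  if (s->type == CHAR_GLYPH)
    ok = span_metrics (s->chars, s->nchars, 0, s->nchars, &m);
  else if (s->type == COMPOSITE_GLYPH && s->cmp != NULL)
    ok = span_metrics (s->cmp->glyphs, s->cmp->glyph_len, s->cmp_from, s->cmp_to, &m);
  if (!ok) return false;
  s->right_overhang = m.rbearing > m.width ? m.rbearing - m.width : 0;
  s->left_overhang = m.lbearing < 0 ? -m.lbearing : 0;
  return true;
}
/* Constructed sample: 8-glyph composition; glyph 6 sticks out 2px each side. */
static const struct font_metrics sample_glyphs[8] =
  { {8,0,8},{8,0,8},{8,0,8},{8,0,8},{8,0,8},{8,0,8},{8,-2,10},{8,0,8} };
static const struct gstring sample_gstring = { 8, sample_glyphs };
/* Composite path over [from, to) of the sample; false when the range is rejected. */
static bool composite_overhangs (int from, int to, int *left, int *right)
{
  struct glyph_string s = { COMPOSITE_GLYPH, NULL, 0, &sample_gstring, from, to, 0, 0 };
  if (!compute_overhangs (&s)) return false;
  *left = s.left_overhang; *right = s.right_overhang; return true;
}
```

With the cmp_from = 6, cmp_to = 7 values from the lldb output above, the sample yields a 2px overhang on each side, and a range past glyph_len is refused rather than read.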