diff options
| author | Michael Meeks <michael.meeks@collabora.com> | 2024-06-08 14:38:34 +0100 |
|---|---|---|
| committer | Michael Meeks <michael.meeks@collabora.com> | 2024-07-09 17:18:53 +0200 |
| commit | 7232d70476aee963633a89d8b62f87fed28d8f52 (patch) | |
| tree | 2b64b46fed6d502b8b4da9e368949b5d3e6b4d2b /vcl/source | |
| parent | b2ae2fa78ffd5c38f16624b17faa9dd263d2f573 (diff) | |
Avoid potential negative array index access to cached text.
if ((nIndex != 0 || nLen != text.getLength()) && !skipGlyphSubsets)
seems unlikely to protect us from this:
/opt/rh/devtoolset-12/root/usr/include/c++/12/string_view:239: constexpr const std::basic_string_view<_CharT, _Traits>::value_type& std::basic_string_view<_CharT, _Traits>::operator[](size_type) const [with _CharT = char16_t; _Traits = std::char_traits<char16_t>; const_reference = const char16_t&; size_type = long unsigned int]: Assertion '__pos < this->_M_len' failed.
coolwsd[16958] ... SIG Fatal signal received: SIGABRT code: 18446744073709551610 for address: 0x7300004e16
SalLayoutGlyphsCache::GetLayoutGlyphs(VclPtr<OutputDevice const>, rtl::OUString const&, int, int, long, vcl::text::TextLayoutCache const*)
/home/collabora/jenkins/workspace/build_core_co-24.04_for_online_snapshot/vcl/source/gdi/impglyphitem.cxx:399
GetTextArray(OutputDevice const&, rtl::OUString const&, KernArray&, int, int, bool, vcl::text::TextLayoutCache const*)
/home/collabora/jenkins/workspace/build_core_co-24.04_for_online_snapshot/include/rtl/ref.hxx:128
SwFntObj::GetTextSize(SwDrawTextInfo&)
/home/collabora/jenkins/workspace/build_core_co-24.04_for_online_snapshot/sw/source/core/txtnode/fntcache.cxx:766
SwSubFont::GetTextSize_(SwDrawTextInfo&)
/home/collabora/jenkins/workspace/build_core_co-24.04_for_online_snapshot/sw/source/core/txtnode/swfont.cxx:1022
SwTextSizeInfo::GetTextSize() const
/home/collabora/jenkins/workspace/build_core_co-24.04_for_online_snapshot/sw/source/core/inc/swfont.hxx:314
blind fix - but seeing a lot of these.
Change-Id: Icb6ca25e4b8c6ef8a5e5b89dfa01b56bb788378d
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/168539
Tested-by: Jenkins
Reviewed-by: Michael Meeks <michael.meeks@collabora.com>
Diffstat (limited to 'vcl/source')
| -rw-r--r-- | vcl/source/gdi/impglyphitem.cxx | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/vcl/source/gdi/impglyphitem.cxx b/vcl/source/gdi/impglyphitem.cxx index a08a3b043626..300127de6b7a 100644 --- a/vcl/source/gdi/impglyphitem.cxx +++ b/vcl/source/gdi/impglyphitem.cxx @@ -377,7 +377,7 @@ const SalLayoutGlyphs* SalLayoutGlyphsCache::GetLayoutGlyphs( if (mLastSubstringKey.has_value() && !bAbortOnFontSubstitute) { sal_Int32 pos = nIndex; - if (mLastSubstringKey->len < pos && text[pos - 1] == nbSpace) + if (mLastSubstringKey->len < pos && pos > 0 && text[pos - 1] == nbSpace) --pos; // Writer skips a non-breaking space, so skip that character too. if ((mLastSubstringKey->len == pos || mLastSubstringKey->index == nIndex) && mLastSubstringKey |