Bug 462137 - memory corruption in pango_default_break
Status: RESOLVED FIXED
Product: pango
Classification: Platform
Component: general
Version: 1.17.x
Hardware: Other
OS: All
Priority: Normal
Severity: critical
Target Milestone: ---
Assigned To: pango-maint
QA Contact: pango-maint
Duplicates: 463971 (view as bug list)
Depends on:
Blocks:
Reported: 2007-07-31 13:56 UTC by Radek Doulik
Modified: 2007-08-06 11:40 UTC
See Also:
GNOME target: ---
GNOME version: ---


Attachments
proposed patch (316 bytes, patch) - 2007-07-31 13:56 UTC, Radek Doulik
valgrind log (7.97 KB, text/plain) - 2007-07-31 13:59 UTC, Radek Doulik

Description Radek Doulik 2007-07-31 13:56:12 UTC
Steps to reproduce:
It happens when called with "" (empty) text.

small test:

/* Uses new/delete, so build as C++ against pango, e.g.
   g++ test.cpp $(pkg-config --cflags --libs pango) */
#include <stdio.h>
#include <glib.h>
#include <pango/pango-types.h>
#include <pango/pango-break.h>

int main (int argc, char **argv)
{
  /* a single attribute slot: length + 1 entries for an empty string */
  PangoLogAttr *attrs = new PangoLogAttr[1];

  printf ("before\n");
  /* text "", level 0, length -1 (NUL-terminated), language NULL, 1 slot */
  pango_get_log_attrs ("", 0, -1, NULL, attrs, 1);
  printf ("after\n");

  delete[] attrs;

  return 0;
}

Originally that bug was spotted in Inkscape - http://sourceforge.net/tracker/index.php?func=detail&aid=1715838&group_id=93438&atid=604306

I will attach a patch which should solve that problem.

Comment 1 Radek Doulik 2007-07-31 13:56:49 UTC
Created attachment 92797 [details] [review]
proposed patch
Comment 2 Radek Doulik 2007-07-31 13:59:22 UTC
Created attachment 92798 [details]
valgrind log
Comment 3 Behdad Esfahbod 2007-07-31 18:07:13 UTC
Committed patch:

--- pango/break.c       (revision 2381)
+++ pango/break.c       (working copy)
@@ -558,7 +558,10 @@ pango_default_break (const gchar   *text
   prev_jamo = NO_JAMO;
 
   if (length == 0 || *text == '\0')
-    next_wc = PARAGRAPH_SEPARATOR;
+    {
+      next_wc = PARAGRAPH_SEPARATOR;
+      almost_done = TRUE;
+    }
   else
     next_wc = g_utf8_get_char (next);
 
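Review bot: the new block sets almost_done = TRUE only for the length == 0 / *text == '\0' branch, and nothing visible in this hunk shows where almost_done later stops the loop, so a one-line comment on the block (e.g. /* empty text: the synthetic separator is the only thing left to process */) would tell future readers why the empty case must be flagged as already at the end. Worth noting for the same reason that the condition keeps the short-circuit order: *text is only dereferenced when length != 0, which is what the reporter's call with length -1 on "" relies on.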
Comment 4 Behdad Esfahbod 2007-07-31 18:08:09 UTC
2007-07-31  Behdad Esfahbod  <behdad@gnome.org>

        Bug 462137 – memory corruption in pango_default_break

        * pango/break.c (pango_default_break): Handle the case of
        an empty string correctly.
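
The following is an added, self-contained C model of the end-of-text handling the patch above changes; it is not pango's code. The real loop body of pango_default_break is not on this page and real pango decodes UTF-8 with g_utf8_get_char, whereas this model works on single bytes. The names next_wc, almost_done, done and PARAGRAPH_SEPARATOR are taken from the hunk; the loop body, the LogAttr struct, model_break and run_model are constructed for the illustration. It shows why a caller that sizes the buffer as length + 1 (one slot for "") gets an extra write when almost_done is left clear for empty text, and how a bounds guard turns that into a refused write instead of memory corruption.

```c
#include <stdio.h>
#include <string.h>

/* Constructed model of a break-attribute pass (not pango's code). One
 * attribute entry is written per character plus one trailing entry, so a
 * caller must supply length + 1 slots. Once the text is exhausted a
 * synthetic PARAGRAPH_SEPARATOR is fed in as next_wc, and almost_done marks
 * that the separator is the last thing to process. */

typedef struct {
    unsigned is_char_break : 1;
    unsigned is_line_break : 1;
} LogAttr;

#define PARAGRAPH_SEPARATOR 0x2029u

/* Returns the number of entries written, or -1 when another write would go
 * past attrs_len. The guard is added here for the demo; with fixed == 0 the
 * empty-text branch leaves almost_done clear (as the pre-patch code did),
 * with fixed == 1 it applies the patch's almost_done = TRUE. */
int model_break(const char *text, int length, LogAttr *attrs, int attrs_len, int fixed)
{
    const char *next, *end;
    unsigned wc, next_wc;
    int almost_done = 0, done = 0, i = 0;

    if (length < 0)                 /* -1 means NUL-terminated, as in the report */
        length = (int)strlen(text);
    next = text;
    end = text + length;

    if (length == 0 || *text == '\0') {
        next_wc = PARAGRAPH_SEPARATOR;
        if (fixed)
            almost_done = 1;        /* the line the patch adds */
    } else {
        next_wc = (unsigned char)*next;
    }

    while (!done) {
        wc = next_wc;

        if (almost_done) {
            done = 1;               /* wc is the separator: final iteration */
        } else {
            next++;
            if (next >= end) {      /* text exhausted: feed the separator next */
                next_wc = PARAGRAPH_SEPARATOR;
                almost_done = 1;
            } else {
                next_wc = (unsigned char)*next;
            }
        }

        if (i >= attrs_len)         /* bounds guard: refuse to overrun */
            return -1;
        attrs[i].is_char_break = 1;
        attrs[i].is_line_break = (wc == ' ' || wc == PARAGRAPH_SEPARATOR);
        i++;
    }
    return i;
}

/* Run the model against a caller buffer of attrs_len entries (capped at 16
 * for the demo); returns entries written, -1 on a refused overrun. */
int run_model(const char *text, int attrs_len, int fixed)
{
    LogAttr attrs[16];
    if (attrs_len < 0 || attrs_len > 16)
        return -2;
    return model_break(text, -1, attrs, attrs_len, fixed);
}

int main(void)
{
    /* Reporter's scenario: empty text, a single attribute slot. */
    printf("empty text, unfixed: %d (second write refused)\n", run_model("", 1, 0));
    printf("empty text, fixed:   %d\n", run_model("", 1, 1));
    /* Non-empty text is unaffected either way: length + 1 entries. */
    printf("\"ab\", fixed:         %d\n", run_model("ab", 3, 1));
    return 0;
}
```

Without the fix the empty string goes through the loop twice (the separator is fed in a second time because nothing says the end was already reached), which is one write more than the single slot the reporter's test allocates; with almost_done set up front the loop runs exactly once. Non-empty input takes the same path in both variants, which matches the patch touching only the empty-string branch.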

Comment 5 Chris Wilson 2007-08-06 11:40:26 UTC
*** Bug 463971 has been marked as a duplicate of this bug. ***