GNOME Bugzilla – Bug 771610
number: do not access text_out beyond its bounds in bitwise function
Last modified: 2016-09-25 01:15:13 UTC
Created attachment 335791: patch

The text_out buffer has just been created as a char array with offset_out + 1 elements. So we can access elements 0 to offset_out. offset_out+1 is beyond the bounds.
Created attachment 335792: patch

The other patch didn't null-terminate the string. Now we simply increase the size of the out buffer.
Review of attachment 335792:

Looks fine, and I'm not sure if there's a better way to fix this "index out of bounds", although I did not see any visible signs of the problem, but it is indeed a problem. We're in hard code freeze, but I would say this can go in the stable (3.22.1) after the freeze.
Thanks, pushed to master.
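
The sizing rule discussed in the comments above, as an added C example that is neither the attached patch nor the project's code: `hex_and` and `hex_val` are hypothetical names, and the right-to-left hex-digit loop is an assumed shape for a bitwise routine. Only the point that a buffer of `offset_out + 1` elements has no slot at index `offset_out + 1` comes from the report.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper: value of one hex digit, or -1 if invalid. */
static int hex_val(char c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Digit-wise AND of two hex strings, filled in from right to left.
 * Returns a malloc'd NUL-terminated string, or NULL on bad input. */
char *hex_and(const char *a, const char *b)
{
    long off_a = (long)strlen(a) - 1;
    long off_b = (long)strlen(b) - 1;
    long offset_out = off_a > off_b ? off_a : off_b; /* index of last digit */
    if (offset_out < 0)
        return NULL;

    /* Digits occupy indices 0..offset_out and the terminator sits at
     * offset_out + 1, so the buffer needs offset_out + 2 elements.
     * With only offset_out + 1 elements, the terminator store below
     * would write one byte past the end of the allocation. */
    char *out = malloc((size_t)offset_out + 2);
    if (out == NULL)
        return NULL;
    out[offset_out + 1] = '\0';

    for (long i = offset_out; i >= 0; i--, off_a--, off_b--) {
        int va = off_a >= 0 ? hex_val(a[off_a]) : 0; /* zero-extend shorter operand */
        int vb = off_b >= 0 ? hex_val(b[off_b]) : 0;
        if (va < 0 || vb < 0) {
            free(out);
            return NULL;
        }
        out[i] = "0123456789ABCDEF"[va & vb];
    }
    return out;
}
```

Building a variant with the smaller allocation under AddressSanitizer (`-fsanitize=address`) reports the one-byte heap overflow at the terminator store, even when nothing visibly misbehaves.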