Bug 778601 - pangofc-shape: Fix potential array overrun
Status: RESOLVED FIXED
Product: pango
Classification: Platform
Component: general
Version: unspecified
Hardware: Other All
Importance: Normal normal
Target Milestone: ---
Assigned To: pango-maint
QA Contact: pango-maint
Depends on:
Blocks:
Reported: 2017-02-14 10:38 UTC by Philip Withnall
Modified: 2017-02-14 12:27 UTC
See Also:
GNOME target: ---
GNOME version: ---


Attachments
pangofc-shape: Fix potential array overrun (1.31 KB, patch)
2017-02-14 10:38 UTC, Philip Withnall
committed

Description Philip Withnall 2017-02-14 10:38:07 UTC
Small fix for a potential out-of-bounds access found by Coverity, which could happen if a particular run of text had a lot of features.
Comment 1 Philip Withnall 2017-02-14 10:38:11 UTC
Created attachment 345721
pangofc-shape: Fix potential array overrun

If this loop adds the final feature to the features array, the start and
end assignment for the next feature will drop off the end of the array.
I don’t think the assignments are necessary, since num_features stores
the number of elements in the array (so it doesn’t need to be
terminated), and the start and end elements are assigned each time a
feature is parsed.

Coverity ID: 1391709

Signed-off-by: Philip Withnall <withnall@endlessm.com>
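
The off-by-one described in the commit message above, as an added illustration that is not the attached patch or pango's own code: a loop that pre-initialises the "next" slot after storing the last element, beside the form without that write. All names (`feature_t`, `parse_feature`, `fill_buggy`, `fill_fixed`, `guard_intact`, `CAP`, `CANARY`) and the sample input are constructed for this example.

```c
#include <stddef.h>
#include <string.h>
#define CAP 4                  /* assumed logical size of the features array */
#define CANARY 0xC0FFEEu       /* marker placed in the guard slot */
typedef struct { unsigned start, end; } feature_t;

/* Hypothetical parser: consumes one comma-separated tag, sets start/end itself. */
static int parse_feature(const char **p, feature_t *out)
{
    size_t n = strcspn(*p, ",");
    *p += n + ((*p)[n] == ',');
    if (n == 0 || n > 4) return 0;
    out->start = 0;
    out->end = (unsigned)-1;
    return 1;
}

/* "Before": once the last feature is stored, count == cap and f[count] is past the end. */
static size_t fill_buggy(const char *s, feature_t *f, size_t cap)
{
    size_t count = 0;
    while (*s && count < cap) {
        if (parse_feature(&s, &f[count]))
            count++;
        f[count].start = 0;            /* writes f[cap] on the final iteration */
        f[count].end = (unsigned)-1;
    }
    return count;
}

/* "After": no next-slot write; count alone bounds the valid elements. */
static size_t fill_fixed(const char *s, feature_t *f, size_t cap)
{
    size_t count = 0;
    while (*s && count < cap)
        if (parse_feature(&s, &f[count]))
            count++;
    return count;
}

/* Passes CAP logical slots plus one guard slot so the stray write is observable safely. */
static int guard_intact(size_t (*fill)(const char *, feature_t *, size_t), const char *s)
{
    feature_t buf[CAP + 1] = {{0, 0}};
    buf[CAP].start = CANARY;
    fill(s, buf, CAP);
    return buf[CAP].start == CANARY;
}
int main(void) { const char *s = "liga,kern,smcp,onum"; return guard_intact(fill_fixed, s) && !guard_intact(fill_buggy, s) ? 0 : 1; }
```

The stray write only happens when the input fills the array exactly, which is why the defect is easy to miss in ordinary testing and tends to surface through static analysis.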
Comment 2 Matthias Clasen 2017-02-14 11:56:27 UTC
Review of attachment 345721:

You are right.
Comment 3 Philip Withnall 2017-02-14 12:27:35 UTC
Attachment 345721 pushed as 318fd54 - pangofc-shape: Fix potential array overrun