bug-gnu-emacs

bug#51105: 29.0.50; Buffer overflow bug in ns_compute_glyph_string_overh


From: Daniel Martín
Subject: bug#51105: 29.0.50; Buffer overflow bug in ns_compute_glyph_string_overhangs
Date: Sat, 09 Oct 2021 21:35:22 +0200
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/27.2 (darwin)

Alan Third <alan@idiocy.org> writes:

> On Sat, Oct 09, 2021 at 02:43:18PM +0300, Eli Zaretskii wrote:
>> > From: Daniel Martín <mardani29@yahoo.es>
>> > Cc: 51105@debbugs.gnu.org
>> > Date: Sat, 09 Oct 2021 12:06:36 +0200
>> > 
>> > Now I think that the right thing to do may be to modify nsterm.m, switch
>> > on the glyph type and, if the glyph type is COMPOSITE_GLYPH, call
>> > composition_gstring_width to get the glyph metrics.  Function
>> > composition_gstring_width uses the values from fields s->cmp_from and
>> > s->cmp_to, and would avoid the buffer overflow:
>> > 
>> > (lldb) fr v s->cmp_from
>> > (int) s->cmp_from = 6
>> > (lldb) fr v s->cmp_to
>> > (int) s->cmp_to = 7
>> > 
>> > WDYT? I can prepare a patch of this type if you agree.
>> 
>> SGTM, but I'd like to hear Alan's opinion as well, as I don't feel I
>> know enough about the NS display backend.
>
> I don't know much about this part of the code, but it sounds good to
> me too.

A reduced test case to reproduce the problem is to paste "العربية" in the
*scratch* buffer.

I've attached a patch that fixes the issue.

Attachment: 0001-Fix-buffer-overflow-in-ns_compute_glyph_string_overh.patch
Description: Text Data

Let me know if you like it and please install it on my behalf if so.
Thanks.
