[vlc-devel] [vlc 2.2 PATCH 2/2] freetype: fix memory corruption when fribidi enabled on OS/2

Rémi Denis-Courmont remi at remlab.net
Wed Aug 9 14:25:02 CEST 2017 

Le 9 août 2017 13:44:03 GMT+03:00, KO Myung-Hun <komh78 at gmail.com> a écrit :
>uni_char_t is 2-byte size on OS/2. However, FriBidiChar is 4-byte size.
>While conversion, the memory pointed by uni_char_t * is corrupted.
>---
> modules/text_renderer/freetype.c | 25 +++++++++++++++++++++++--
> 1 file changed, 23 insertions(+), 2 deletions(-)
>
>diff --git a/modules/text_renderer/freetype.c
>b/modules/text_renderer/freetype.c
>index b9da7bf28c..0ae6c16809 100644
>--- a/modules/text_renderer/freetype.c
>+++ b/modules/text_renderer/freetype.c
>@@ -1153,16 +1153,31 @@ static int ProcessLines( filter_t *p_filter,
>                          FT_BBox     *p_bbox,
>                          int         *pi_max_face_height,
> 
>-                         uni_char_t *psz_text,
>+                         uni_char_t *psz_uni_text,
>                          text_style_t **pp_styles,
>                          uint32_t *pi_k_dates,
>                          int i_len )
> {
>     filter_sys_t   *p_sys = p_filter->p_sys;
>-    uni_char_t     *p_fribidi_string = NULL;
>+    uint32_t       *psz_text = (uint32_t*)psz_uni_text;
>+    uint32_t       *p_fribidi_string = NULL;
>     text_style_t   **pp_fribidi_styles = NULL;
>     int            *p_new_positions = NULL;
> 
>+#ifdef __OS2__
>+    uint32_t *psz_text_buf;
>+
>+    psz_text = malloc( (i_len + 1) * sizeof(*psz_text) );
>+    if( !psz_text )
>+        return VLC_ENOMEM;
>+
>+    /* Conversion uni_char_t string to FriBidiChar string */
>+    for( int i = 0; i <= i_len; i++ )
>+        psz_text[i] = psz_uni_text[i];
>+
>+    psz_text_buf = psz_text;
>+#endif
>+
> #if defined(HAVE_FRIBIDI)
>     {
>         int    *p_old_positions;
>@@ -1183,6 +1198,9 @@ static int ProcessLines( filter_t *p_filter,
>             free( p_new_positions );
>             free( p_fribidi_string );
>             free( pp_fribidi_styles );
>+#ifdef __OS2__
>+            free( psz_text_buf );
>+#endif
>             return VLC_ENOMEM;
>         }
> 
>@@ -1567,6 +1585,9 @@ static int ProcessLines( filter_t *p_filter,
>     if( p_face )
>         FT_Done_Face( p_face );
> 
>+#ifdef __OS2__
>+    free( psz_text_buf );
>+#endif
>     free( pp_fribidi_styles );
>     free( p_fribidi_string );
>     free( pi_karaoke_bar );
>-- 
>2.13.3
>
>_______________________________________________
>vlc-devel mailing list
>To unsubscribe or modify your subscription options:
>https://mailman.videolan.org/listinfo/vlc-devel

That does not look right from a very quick glance. It should probably do whatever Windows does.
-- 
Rémi Denis-Courmont
Typed on an inconvenient virtual keyboard
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.videolan.org/pipermail/vlc-devel/attachments/20170809/cde156c4/attachment.html>

More information about the vlc-devel mailing list