[vlc-devel] [vlc 2.2 PATCH 2/2] freetype: fix memory corruption when fribidi enabled on OS/2

Rémi Denis-Courmont remi at remlab.net
Wed Aug 9 17:26:36 CEST 2017


Le 9 août 2017 18:11:37 GMT+03:00, KO Myung-Hun <komh78 at gmail.com> a écrit :
>
>
>Rémi Denis-Courmont wrote:
>> Le 9 août 2017 13:44:03 GMT+03:00, KO Myung-Hun <komh78 at gmail.com> a
>écrit :
>>> uni_char_t is 2-byte size on OS/2. However, FriBidiChar is 4-byte
>size.
>>> While conversion, the memory pointed by uni_char_t * is corrupted.
>>> ---
>>> modules/text_renderer/freetype.c | 25 +++++++++++++++++++++++--
>>> 1 file changed, 23 insertions(+), 2 deletions(-)
>>>
>>> diff --git a/modules/text_renderer/freetype.c
>>> b/modules/text_renderer/freetype.c
>>> index b9da7bf28c..0ae6c16809 100644
>>> --- a/modules/text_renderer/freetype.c
>>> +++ b/modules/text_renderer/freetype.c
>>> @@ -1153,16 +1153,31 @@ static int ProcessLines( filter_t *p_filter,
>>>                          FT_BBox     *p_bbox,
>>>                          int         *pi_max_face_height,
>>>
>>> -                         uni_char_t *psz_text,
>>> +                         uni_char_t *psz_uni_text,
>>>                          text_style_t **pp_styles,
>>>                          uint32_t *pi_k_dates,
>>>                          int i_len )
>>> {
>>>     filter_sys_t   *p_sys = p_filter->p_sys;
>>> -    uni_char_t     *p_fribidi_string = NULL;
>>> +    uint32_t       *psz_text = (uint32_t*)psz_uni_text;
>>> +    uint32_t       *p_fribidi_string = NULL;
>>>     text_style_t   **pp_fribidi_styles = NULL;
>>>     int            *p_new_positions = NULL;
>>>
>>> +#ifdef __OS2__
>>> +    uint32_t *psz_text_buf;
>>> +
>>> +    psz_text = malloc( (i_len + 1) * sizeof(*psz_text) );
>>> +    if( !psz_text )
>>> +        return VLC_ENOMEM;
>>> +
>>> +    /* Conversion uni_char_t string to FriBidiChar string */
>>> +    for( int i = 0; i <= i_len; i++ )
>>> +        psz_text[i] = psz_uni_text[i];
>>> +
>>> +    psz_text_buf = psz_text;
>>> +#endif
>>> +
>>> #if defined(HAVE_FRIBIDI)
>>>     {
>>>         int    *p_old_positions;
>>> @@ -1183,6 +1198,9 @@ static int ProcessLines( filter_t *p_filter,
>>>             free( p_new_positions );
>>>             free( p_fribidi_string );
>>>             free( pp_fribidi_styles );
>>> +#ifdef __OS2__
>>> +            free( psz_text_buf );
>>> +#endif
>>>             return VLC_ENOMEM;
>>>         }
>>>
>>> @@ -1567,6 +1585,9 @@ static int ProcessLines( filter_t *p_filter,
>>>     if( p_face )
>>>         FT_Done_Face( p_face );
>>>
>>> +#ifdef __OS2__
>>> +    free( psz_text_buf );
>>> +#endif
>>>     free( pp_fribidi_styles );
>>>     free( p_fribidi_string );
>>>     free( pi_karaoke_bar );
>>> -- 
>>> 2.13.3
>>>
>>> _______________________________________________
>>> vlc-devel mailing list
>>> To unsubscribe or modify your subscription options:
>>> https://mailman.videolan.org/listinfo/vlc-devel
>> 
>> That does not look right from a very quick glance. It should probably
>do whatever Windows does.
>> 
>
>This is because OS/2 kLIBC iconv() does not support UCS4 but UCS2. As a
>result, uni_char_t should be 2-byte size. I don't think Windows does
>like this.
>
>-- 
>KO Myung-Hun
>
>Using Mozilla SeaMonkey 2.7.2
>Under OS/2 Warp 4 for Korean with FixPak #15
>In VirtualBox v4.1.32 on Intel Core i7-3615QM 2.30GHz with 8GB RAM
>
>Korean OS/2 User Community : http://www.os2.kr/
>
>_______________________________________________
>vlc-devel mailing list
>To unsubscribe or modify your subscription options:
>https://mailman.videolan.org/listinfo/vlc-devel

That statement does not make sense to me. iconv converts between two specified encodings, not to/from a fixed encoding, unlike say MultiByteToWideChar() or FromCharset()
-- 
Rémi Denis-Courmont
Typed on an inconvenient virtual keyboard
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.videolan.org/pipermail/vlc-devel/attachments/20170809/eef74dd7/attachment.html>


More information about the vlc-devel mailing list