[vlc-devel] [vlc 2.2 PATCH 2/2] freetype: fix memory corruption when fribidi enabled on OS/2
Rémi Denis-Courmont
remi at remlab.net
Wed Aug 9 17:26:36 CEST 2017
On 9 August 2017 18:11:37 GMT+03:00, KO Myung-Hun <komh78 at gmail.com> wrote:
>
>
>Rémi Denis-Courmont wrote:
>> On 9 August 2017 13:44:03 GMT+03:00, KO Myung-Hun <komh78 at gmail.com> wrote:
>>> uni_char_t is 2-byte size on OS/2. However, FriBidiChar is 4-byte size.
>>> During conversion, the memory pointed to by uni_char_t * is corrupted.
>>> ---
>>> modules/text_renderer/freetype.c | 25 +++++++++++++++++++++++--
>>> 1 file changed, 23 insertions(+), 2 deletions(-)
>>>
>>> diff --git a/modules/text_renderer/freetype.c
>>> b/modules/text_renderer/freetype.c
>>> index b9da7bf28c..0ae6c16809 100644
>>> --- a/modules/text_renderer/freetype.c
>>> +++ b/modules/text_renderer/freetype.c
>>> @@ -1153,16 +1153,31 @@ static int ProcessLines( filter_t *p_filter,
>>> FT_BBox *p_bbox,
>>> int *pi_max_face_height,
>>>
>>> - uni_char_t *psz_text,
>>> + uni_char_t *psz_uni_text,
>>> text_style_t **pp_styles,
>>> uint32_t *pi_k_dates,
>>> int i_len )
>>> {
>>> filter_sys_t *p_sys = p_filter->p_sys;
>>> - uni_char_t *p_fribidi_string = NULL;
>>> + uint32_t *psz_text = (uint32_t*)psz_uni_text;
>>> + uint32_t *p_fribidi_string = NULL;
>>> text_style_t **pp_fribidi_styles = NULL;
>>> int *p_new_positions = NULL;
>>>
>>> +#ifdef __OS2__
>>> + uint32_t *psz_text_buf;
>>> +
>>> + psz_text = malloc( (i_len + 1) * sizeof(*psz_text) );
>>> + if( !psz_text )
>>> + return VLC_ENOMEM;
>>> +
>>> + /* Conversion uni_char_t string to FriBidiChar string */
>>> + for( int i = 0; i <= i_len; i++ )
>>> + psz_text[i] = psz_uni_text[i];
>>> +
>>> + psz_text_buf = psz_text;
>>> +#endif
>>> +
>>> #if defined(HAVE_FRIBIDI)
>>> {
>>> int *p_old_positions;
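
Review bot: the initializer `uint32_t *psz_text = (uint32_t*)psz_uni_text;` is only meaningful where uni_char_t is already 32 bits wide. On OS/2, where the commit message says it is 2 bytes, it produces a mistyped pointer that is safe only because the `#ifdef __OS2__` block overwrites it before use. Moving the cast into an `#else` branch of that block would make it impossible to read the 16-bit buffer through a 32-bit pointer by accident. The allocation also trusts `i_len`: `(i_len + 1) * sizeof(*psz_text)` and the `i <= i_len` copy loop assume it is non-negative and that psz_uni_text holds i_len + 1 elements, which deserves an assertion or at least a comment.
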
>>> @@ -1183,6 +1198,9 @@ static int ProcessLines( filter_t *p_filter,
>>> free( p_new_positions );
>>> free( p_fribidi_string );
>>> free( pp_fribidi_styles );
>>> +#ifdef __OS2__
>>> + free( psz_text_buf );
>>> +#endif
>>> return VLC_ENOMEM;
>>> }
>>>
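
Review bot: the `#ifdef __OS2__` guard around `free( psz_text_buf );` on this VLC_ENOMEM return has to be repeated at every exit that releases the buffer. Declaring `uint32_t *psz_text_buf = NULL;` outside the guard in the first hunk would let this be a plain `free( psz_text_buf );` next to the other frees, since free(NULL) is a no-op, and would take the conditional out of the error path.
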
>>> @@ -1567,6 +1585,9 @@ static int ProcessLines( filter_t *p_filter,
>>> if( p_face )
>>> FT_Done_Face( p_face );
>>>
>>> +#ifdef __OS2__
>>> + free( psz_text_buf );
>>> +#endif
>>> free( pp_fribidi_styles );
>>> free( p_fribidi_string );
>>> free( pi_karaoke_bar );
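
Review bot: only two exits free psz_text_buf, this one and the VLC_ENOMEM return in the previous hunk, and the hunk headers place them several hundred lines apart in ProcessLines. Any other `return` reached after the OS/2 allocation would leak the converted copy. Please confirm there are none, or route all exits through a single cleanup label so the buffer is released in one place.
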
>>> --
>>> 2.13.3
>>>
>>> _______________________________________________
>>> vlc-devel mailing list
>>> To unsubscribe or modify your subscription options:
>>> https://mailman.videolan.org/listinfo/vlc-devel
>>
>> That does not look right from a very quick glance. It should probably do whatever Windows does.
>>
>
>This is because OS/2 kLIBC iconv() does not support UCS4 but UCS2. As a
>result, uni_char_t should be 2-byte size. I don't think Windows does
>like this.
>
>--
>KO Myung-Hun
>
>Using Mozilla SeaMonkey 2.7.2
>Under OS/2 Warp 4 for Korean with FixPak #15
>In VirtualBox v4.1.32 on Intel Core i7-3615QM 2.30GHz with 8GB RAM
>
>Korean OS/2 User Community : http://www.os2.kr/
>
That statement does not make sense to me. iconv converts between two specified encodings, not to/from a fixed encoding, unlike, say, MultiByteToWideChar() or FromCharset().
--
Rémi Denis-Courmont
Typed on an inconvenient virtual keyboard