[vlc-devel] [vlc 2.2 PATCH 2/2] freetype: fix memory corruption when fribidi enabled on OS/2
KO Myung-Hun
komh78 at gmail.com
Thu Aug 10 06:09:44 CEST 2017
Hi/2.
Rémi Denis-Courmont wrote:
> On 9 August 2017 at 18:11:37 GMT+03:00, KO Myung-Hun <komh78 at gmail.com>
> wrote:
>>
>>
>> Rémi Denis-Courmont wrote:
>>> On 9 August 2017 at 13:44:03 GMT+03:00, KO Myung-Hun
>>> <komh78 at gmail.com> wrote:
>>>> uni_char_t is 2 bytes in size on OS/2. However, FriBidiChar is 4 bytes
>>>> in size. During conversion, the memory pointed to by uni_char_t * is
>>>> corrupted.
>>>> ---
>>>>  modules/text_renderer/freetype.c | 25 +++++++++++++++++++++++--
>>>>  1 file changed, 23 insertions(+), 2 deletions(-)
>>>>
>>>> diff --git a/modules/text_renderer/freetype.c
>>>> b/modules/text_renderer/freetype.c index b9da7bf28c..0ae6c16809
>>>> 100644 --- a/modules/text_renderer/freetype.c +++
>>>> b/modules/text_renderer/freetype.c @@ -1153,16 +1153,31 @@
>>>> static int ProcessLines( filter_t *p_filter, FT_BBox
>>>> *p_bbox, int *pi_max_face_height,
>>>>
>>>> - uni_char_t *psz_text, +
>>>> uni_char_t *psz_uni_text, text_style_t **pp_styles, uint32_t
>>>> *pi_k_dates, int i_len ) { filter_sys_t *p_sys =
>>>> p_filter->p_sys; - uni_char_t *p_fribidi_string = NULL;
>>>> + uint32_t *psz_text = (uint32_t*)psz_uni_text; +
>>>> uint32_t *p_fribidi_string = NULL; text_style_t
>>>> **pp_fribidi_styles = NULL; int *p_new_positions =
>>>> NULL;
>>>>
>>>> +#ifdef __OS2__ + uint32_t *psz_text_buf; + + psz_text =
>>>> malloc( (i_len + 1) * sizeof(*psz_text) ); + if( !psz_text
>>>> ) + return VLC_ENOMEM; + + /* Conversion uni_char_t
>>>> string to FriBidiChar string */ + for( int i = 0; i <=
>>>> i_len; i++ ) + psz_text[i] = psz_uni_text[i]; + +
>>>> psz_text_buf = psz_text; +#endif + #if defined(HAVE_FRIBIDI) {
>>>> int *p_old_positions; @@ -1183,6 +1198,9 @@ static int
>>>> ProcessLines( filter_t *p_filter, free( p_new_positions );
>>>> free( p_fribidi_string ); free( pp_fribidi_styles ); +#ifdef
>>>> __OS2__ + free( psz_text_buf ); +#endif return
>>>> VLC_ENOMEM; }
>>>>
>>>> @@ -1567,6 +1585,9 @@ static int ProcessLines( filter_t
>>>> *p_filter, if( p_face ) FT_Done_Face( p_face );
>>>>
>>>> +#ifdef __OS2__ + free( psz_text_buf ); +#endif free(
>>>> pp_fribidi_styles ); free( p_fribidi_string ); free(
>>>> pi_karaoke_bar ); -- 2.13.3
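Review bot: the unconditional `uint32_t *psz_text = (uint32_t*)psz_uni_text;` at the top of the first hunk (@@ -1153) silently assumes sizeof(uni_char_t) == 4 on every platform other than OS/2, which is the very assumption this patch says does not hold there; move the cast into an `#else` branch of the `#ifdef __OS2__` block (or guard it with a compile-time size check) so that a 2-byte uni_char_t can never reach the cast. Also, `psz_text_buf` is released at only two points, the fribidi VLC_ENOMEM path (@@ -1183) and the end of the function (@@ -1567); please confirm there is no other early return in ProcessLines() between those two hunks, since any such return would now leak the widened copy, or route all exits through a single cleanup block.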
>>>>
>>>> _______________________________________________ vlc-devel
>>>> mailing list To unsubscribe or modify your subscription
>>>> options: https://mailman.videolan.org/listinfo/vlc-devel
>>>
>>> That does not look right from a very quick glance. It should
>>> probably do whatever Windows does.
>>>
>>
>> This is because OS/2 kLIBC iconv() does not support UCS4, only UCS2.
>> As a result, uni_char_t should be 2 bytes in size. I don't think
>> Windows does it like this.
>>
>> -- KO Myung-Hun
>
> That statement does not make sense to me. iconv converts between two
> specified encodings, not to/from a fixed encoding, unlike say
> MultiByteToWideChar() or FromCharset()
>
Does this distinction make any sense? FromCharset() and ToCharset() use
iconv() with one argument fixed to UTF-8. In the case of the freetype module,
ToCharset(). In any case, UCS4 is not supported on OS/2 kLIBC.
--
KO Myung-Hun
Using Mozilla SeaMonkey 2.7.2
Under OS/2 Warp 4 for Korean with FixPak #15
In VirtualBox v4.1.32 on Intel Core i7-3615QM 2.30GHz with 8GB RAM
Korean OS/2 User Community : http://www.os2.kr/