From da4401587c8087174f1cffa22475ff1bac027295 Mon Sep 17 00:00:00 2001 From: Irie Shinsuke Date: Wed, 27 Mar 2013 09:57:34 +0000 Subject: Fix [#34768] Out of bounds access in console selection. txt_utf8_column_to_offset(): don't advance the offset anymore if a null character is found. --- source/blender/blenkernel/intern/text.c | 19 +++---------------- 1 file changed, 3 insertions(+), 16 deletions(-) diff --git a/source/blender/blenkernel/intern/text.c b/source/blender/blenkernel/intern/text.c index 3936c533a41..29f16775598 100644 --- a/source/blender/blenkernel/intern/text.c +++ b/source/blender/blenkernel/intern/text.c @@ -804,7 +804,7 @@ int txt_utf8_offset_to_column(const char *str, int offset) int txt_utf8_column_to_offset(const char *str, int column) { int offset = 0, pos = 0, col; - while (pos < column) { + while (*(str + offset) && pos < column) { col = BLI_str_utf8_char_width_safe(str + offset); if (pos + col > column) break; @@ -827,17 +827,6 @@ static int txt_utf8_len(const char *src) return len; } -static int txt_utf8_width(const char *src) -{ - int col = 0; - - for (; *src; src += BLI_str_utf8_size(src)) { - col += BLI_str_utf8_char_width(src); - } - - return col; -} - void txt_move_up(Text *text, short sel) { TextLine **linep; @@ -851,8 +840,7 @@ void txt_move_up(Text *text, short sel) if ((*linep)->prev) { int column = txt_utf8_offset_to_column((*linep)->line, *charp); *linep = (*linep)->prev; - if (column > txt_utf8_width((*linep)->line)) *charp = (*linep)->len; - else *charp = txt_utf8_column_to_offset((*linep)->line, column); + *charp = txt_utf8_column_to_offset((*linep)->line, column); } else { @@ -875,8 +863,7 @@ void txt_move_down(Text *text, short sel) if ((*linep)->next) { int column = txt_utf8_offset_to_column((*linep)->line, *charp); *linep = (*linep)->next; - if (column > txt_utf8_width((*linep)->line)) *charp = (*linep)->len; - else *charp = txt_utf8_column_to_offset((*linep)->line, column); + *charp = txt_utf8_column_to_offset((*linep)->line, column); } else { txt_move_eol(text, sel); -- cgit v1.2.3