From 4b8fd4e1afa0ef43049ded0a35d3279f070b6587 Mon Sep 17 00:00:00 2001
From: Klaus Schmidinger
Date: Mon, 28 Mar 2011 16:30:37 +0200
Subject: [PATCH] Fixed a buffer overflow in cFont::Bidi()

---
 CONTRIBUTORS | 1 +
 HISTORY | 1 +
 font.c | 4 ++--
 3 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/CONTRIBUTORS b/CONTRIBUTORS
index 1fa08903..3e57f866 100644
--- a/CONTRIBUTORS
+++ b/CONTRIBUTORS
@@ -1265,6 +1265,7 @@ Reinhard Nissl
 debugging, and an implementation of the AlphaBlend() function.
 for storing the original display size when handling DVB subtitles
 for reporting a problem with horizontal scaling of subtitles
+ for fixing a buffer overflow in cFont::Bidi()

 Richard Robson
 for reporting freezing replay if a timer starts while in Transfer Mode from the
diff --git a/HISTORY b/HISTORY
index 9590e5d7..c8658e4b 100644
--- a/HISTORY
+++ b/HISTORY
@@ -6592,3 +6592,4 @@ Video Disk Recorder Revision History
 - Added Cancel(3) to ~cTrueColorDemo() in the "osddemo" plugin (thanks to Reinhard Nissl).
 - Added a missing font deletion in cTrueColorDemo::Action() in the "osddemo" plugin (thanks to Reinhard Nissl).
+- Fixed a buffer overflow in cFont::Bidi() (thanks to Reinhard Nissl).
diff --git a/font.c b/font.c
index db1bd893..16d1013c 100644
--- a/font.c
+++ b/font.c
@@ -6,7 +6,7 @@
 *
 * BiDi support by Osama Alrawab @2008 Tripoli-Libya.
 *
- * $Id: font.c 2.7 2011/02/26 12:09:18 kls Exp $
+ * $Id: font.c 2.8 2011/03/28 16:29:51 kls Exp $
 */

 #include "font.h"
@@ -520,7 +520,7 @@ cString cFont::Bidi(const char *Ltr)
 bool ok = fribidi_log2vis(Logical, RtlLen, &Base, Visual, NULL, NULL, NULL);
 if (ok) {
 fribidi_remove_bidi_marks(Visual, RtlLen, NULL, NULL, NULL);
- Rtl = MALLOC(char, RtlLen * 4);
+ Rtl = MALLOC(char, RtlLen * 4 + 1);
 fribidi_unicode_to_charset(fribidiCharset, Visual, RtlLen, Rtl);
 }
 free(Logical);
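Review bot: The new size in `Rtl = MALLOC(char, RtlLen * 4 + 1);` (second font.c hunk) is still a bare expression whose safety rests on two facts the code does not state: that `fribidiCharset` emits at most 4 bytes per character, and that `fribidi_unicode_to_charset()` writes a terminating NUL after them, which is what the `+ 1` appears to pay for. A comment on that line such as `// worst case: 4 bytes per character in the target charset, plus the terminating NUL` would keep a later edit from reintroducing the off-by-one, and the bound needs rechecking if `fribidiCharset` (set outside the hunk) can ever be something other than UTF-8. The `MALLOC` result is passed straight to `fribidi_unicode_to_charset()` with no NULL check. The return value of `fribidi_remove_bidi_marks()` is also discarded, so the conversion still runs over the old `RtlLen`; that keeps the buffer bound conservative but may convert stale trailing characters, which is worth confirming against the fribidi version in use. The body of `cFont::Bidi()` starts and ends outside the hunk, so the declarations of `RtlLen`, `Visual` and `Rtl` were not reviewed.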