Magic-Mirror/gecko-dev
1
0
Fork 0
mirror of https://github.com/mozilla/gecko-dev.git synced 2024-10-17 15:25:52 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Bug 538065: avoid possible out-of-bounds array index in gfxFont::SanitizeGlyphRuns(). r=roc

Browse Source
This commit is contained in:
Jonathan Kew 2010-01-07 13:53:25 +00:00
parent 463f8f4bf1
commit 6517a01b63
1 changed files with 6 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
gfx/thebes/src/gfxFont.cpp
View File

@ -2714,17 +2714,19 @@ gfxTextRun::SanitizeGlyphRuns()
// to the first "real" character to avoid drawing partial ligature glyphs from wrong font
// (seen with U+FEFF in reftest 474417-1, as Core Text eliminates the glyph, which makes
// it appear as if a ligature has been formed)
PRInt32 i, last = mGlyphRuns.Length() - 1;
for (i = last; i >= 0; --i) {
PRInt32 i, lastRunIndex = mGlyphRuns.Length() - 1;
for (i = lastRunIndex; i >= 0; --i) {
GlyphRun& run = mGlyphRuns[i];
while (mCharacterGlyphs[run.mCharacterOffset].IsLigatureContinuation() &&
run.mCharacterOffset < mCharacterCount) {
run.mCharacterOffset++;
}
// if the run has become empty, eliminate it
if ((i < last && run.mCharacterOffset >= mGlyphRuns[i+1].mCharacterOffset) ||
(i == last && run.mCharacterOffset == mCharacterCount)) {
if ((i < lastRunIndex &&
run.mCharacterOffset >= mGlyphRuns[i+1].mCharacterOffset) ||
(i == lastRunIndex && run.mCharacterOffset == mCharacterCount)) {
mGlyphRuns.RemoveElementAt(i);
--lastRunIndex;
}
}
}