Use safe length measure function and fix length usage.

* We may get non-terminated strings so we need to use the
  UTF8NextCharLen() version that works with a length. Previously we may
  have read beyond buffers, possibly leading to crashes.
* Also the length parameter is used as an actual length and not as
  buffer size. The length check was wrong before, which resulted in the
  function returning too early if an offset was supplied.
* Added a comment about the guaranteed 0 termination in one case.
* Minor cleanup.
This commit is contained in:
Michael Lotz 2011-12-06 19:15:36 +01:00
parent 9f65f3dd66
commit 8eec72dcab

View File

@ -92,10 +92,10 @@ WidthBuffer::~WidthBuffer()
\return The space (in pixels) required to draw the given string.
*/
float
WidthBuffer::StringWidth(const char* inText, int32 fromOffset,
int32 length, const BFont* inStyle)
WidthBuffer::StringWidth(const char* inText, int32 fromOffset, int32 length,
const BFont* inStyle)
{
if (inText == NULL || length == 0)
if (inText == NULL || length <= 0)
return 0;
BAutolock _(fLock);
@ -108,13 +108,13 @@ WidthBuffer::StringWidth(const char* inText, int32 fromOffset,
int32 numChars = 0;
int32 textLen = 0;
char* sourceText = (char*)inText + fromOffset;
const char* sourceText = inText + fromOffset;
const float fontSize = inStyle->Size();
float stringWidth = 0;
for (int32 charLen = 0;
sourceText < inText + length;
sourceText += charLen) {
charLen = UTF8NextCharLen(sourceText);
for (int32 charLen = 0; length > 0;
sourceText += charLen, length -= charLen) {
charLen = UTF8NextCharLen(sourceText, length);
// End of string, bail out
if (charLen <= 0)
@ -300,6 +300,8 @@ WidthBuffer::HashEscapements(const char* inText, int32 numChars, int32 textLen,
const char* textEnd = inText + textLen;
// Insert the escapements into the hash table
do {
// Using this variant is safe as the handed in string is guaranteed to
// be 0 terminated.
const int32 charLen = UTF8NextCharLen(text);
if (charLen == 0)
break;