From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.io!.POSTED.blaine.gmane.org!not-for-mail From: Alan Third Newsgroups: gmane.emacs.bugs Subject: bug#51105: 29.0.50; Buffer overflow bug in ns_compute_glyph_string_overhangs Date: Sat, 9 Oct 2021 14:57:40 +0100 Message-ID: References: <83bl3yya46.fsf@gnu.org> <83v926whih.fsf@gnu.org> Mime-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit Injection-Info: ciao.gmane.io; posting-host="blaine.gmane.org:116.202.254.214"; logging-data="31987"; mail-complaints-to="usenet@ciao.gmane.io" Cc: 51105@debbugs.gnu.org, Daniel =?UTF-8?Q?Mart=C3=ADn?= To: Eli Zaretskii Original-X-From: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org Sat Oct 09 15:58:14 2021 Return-path: Envelope-to: geb-bug-gnu-emacs@m.gmane-mx.org Original-Received: from lists.gnu.org ([209.51.188.17]) by ciao.gmane.io with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1mZCrd-00083M-GM for geb-bug-gnu-emacs@m.gmane-mx.org; Sat, 09 Oct 2021 15:58:13 +0200 Original-Received: from localhost ([::1]:46326 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1mZCrb-0003h7-Ep for geb-bug-gnu-emacs@m.gmane-mx.org; Sat, 09 Oct 2021 09:58:11 -0400 Original-Received: from eggs.gnu.org ([2001:470:142:3::10]:36912) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1mZCrS-0003gy-1i for bug-gnu-emacs@gnu.org; Sat, 09 Oct 2021 09:58:02 -0400 Original-Received: from debbugs.gnu.org ([209.51.188.43]:42349) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1mZCrR-0000Jt-NA for bug-gnu-emacs@gnu.org; Sat, 09 Oct 2021 09:58:01 -0400 Original-Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1mZCrR-0006VL-MF for bug-gnu-emacs@gnu.org; Sat, 09 Oct 2021 09:58:01 -0400 X-Loop: help-debbugs@gnu.org Resent-From: Alan Third Original-Sender: "Debbugs-submit" Resent-CC: bug-gnu-emacs@gnu.org Resent-Date: Sat, 09 Oct 2021 13:58:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 51105 X-GNU-PR-Package: emacs Original-Received: via spool by 51105-submit@debbugs.gnu.org id=B51105.163378787224985 (code B ref 51105); Sat, 09 Oct 2021 13:58:01 +0000 Original-Received: (at 51105) by debbugs.gnu.org; 9 Oct 2021 13:57:52 +0000 Original-Received: from localhost ([127.0.0.1]:53895 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1mZCrI-0006Uv-EP for submit@debbugs.gnu.org; Sat, 09 Oct 2021 09:57:52 -0400 Original-Received: from outbound.soverin.net ([116.202.126.228]:44975) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1mZCrG-0006Uf-Cq for 51105@debbugs.gnu.org; Sat, 09 Oct 2021 09:57:51 -0400 Original-Received: from smtp.soverin.net (unknown [10.10.3.24]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) (No client certificate requested) by outbound.soverin.net (Postfix) with ESMTPS id BDF98E3; Sat, 9 Oct 2021 13:57:43 +0000 (UTC) Original-Received: from smtp.soverin.net (smtp.soverin.net [159.69.232.138]) by soverin.net DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=idiocy.org; s=soverin; t=1633787863; bh=O0/uQxuAbBh4S2x5EVcsmwWOz3LnXUdUo14A47hJYgY=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=Qmgz82ghxqCYVWlFuTJ3X12OPLBPL1W2iQRMR3LIg1DVdBbBK8uMGhzivtFciwTr9 YHgCail/nJR+4ZGJ72taNKN98TZjZEOUduNNpy6YEVcfoAyxETjWd3GmWdqqs1zUd5 Kp1XQTvfsvq9m0DP+DujlGboNblPIY+ufNEjnaqn56uaE/t3N3U/lt4/XVu8v3hKIn bY4232w+k3wQ83y75d+V3CXkkyl41Wo+eSycAxdgUy87n0R4RXUqsOYZRBXmZ7aObX Yn6hz3B6bkPrio1uVcJiNGIPfKk0wGFNQuxfuOlclkLId554LF3oBFFDveDtShLYlO R0cz4pccw2v3w== Original-Received: from alan by faroe.holly.idiocy.org with local (Exim 4.95-RC2) (envelope-from ) id 1mZCr6-000Bw0-By; Sat, 09 Oct 2021 14:57:40 +0100 Mail-Followup-To: Alan Third , Eli Zaretskii , Daniel =?UTF-8?Q?Mart=C3=ADn?= , 51105@debbugs.gnu.org Content-Disposition: inline In-Reply-To: <83v926whih.fsf@gnu.org> X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: bug-gnu-emacs@gnu.org List-Id: "Bug reports for GNU Emacs, the Swiss army knife of text editors" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org Original-Sender: "bug-gnu-emacs" Xref: news.gmane.io gmane.emacs.bugs:216772 Archived-At: On Sat, Oct 09, 2021 at 02:43:18PM +0300, Eli Zaretskii wrote: > > From: Daniel Martín > > Cc: 51105@debbugs.gnu.org > > Date: Sat, 09 Oct 2021 12:06:36 +0200 > > > > Now I think that the right thing to do may be to modify nsterm.m, switch > > on the glyph type and, if the glyph type is COMPOSITE_GLYPH, call > > composition_gstring_width to get the glyph metrics. Function > > composition_gstring_width uses the values from fields s->cmp_from and > > s->cmp_to, and would avoid the buffer overflow: > > > > (lldb) fr v s->cmp_from > > (int) s->cmp_from = 6 > > (lldb) fr v s->cmp_to > > (int) s->cmp_to = 7 > > > > WDYT? I can prepare a patch of this type if you agree. > > SGTM, but I'd like to hear Alan's opinion as well, as I don't feel I > know enough about the NS display backend. I don't know much about this part of the code, but it sounds good to me too. -- Alan Third