xtext: Fix overflow on long lines

xtext keeps a static buffer and uses it for various things
and asserts that every text entry is < 4096. It does
this check on gtk_xtext_append*() except it does the check only on
the right half of text when indent is enabled.

This overflow caused corruption in the xtext struct
changing the url check functions making hovering
with the mouse do 'undefined' things.

In the long term this should be removed for a dynamically
allocated buffer so no arbitrary size limit exists and
text gets cut off.

Fixes #1465
Fixes #1186
Fixes #1206
This commit is contained in:
Patrick Griffis 2015-10-30 00:57:25 -04:00
parent 1e914347d7
commit c8539b93fe
1 changed files with 5 additions and 2 deletions

View File

@ -4649,8 +4649,8 @@ gtk_xtext_append_indent (xtext_buffer *buf,
if (right_len == -1)
right_len = strlen (right_text);
if (right_len >= sizeof (buf->xtext->scratch_buffer))
right_len = sizeof (buf->xtext->scratch_buffer) - 1;
if (left_len + right_len + 2 >= sizeof (buf->xtext->scratch_buffer))
right_len = sizeof (buf->xtext->scratch_buffer) - left_len - 2;
if (right_text[right_len-1] == '\n')
right_len--;
@ -4670,6 +4670,9 @@ gtk_xtext_append_indent (xtext_buffer *buf,
ent->str_len = left_len + 1 + right_len;
ent->indent = (buf->indent - left_width) - buf->xtext->space_width;
/* This is copied into the scratch buffer later, double check math */
g_assert (ent->str_len < sizeof (buf->xtext->scratch_buffer));
if (buf->time_stamp)
space = buf->xtext->stamp_width;
else