From 837cad0d382e5600e68bb4ed6d499e6053fa50e5 Mon Sep 17 00:00:00 2001 From: Frank Gevaerts Date: Thu, 9 Jan 2014 23:20:48 +0100 Subject: [PATCH] bidi.c: Check buffer sizes. This could cause a crash with certain themes and long filenames. Change-Id: I0a48c91bb089b122a56c4e126ba4d7a175399fa2 --- firmware/bidi.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/firmware/bidi.c b/firmware/bidi.c index 2f4e137956..c19412693e 100644 --- a/firmware/bidi.c +++ b/firmware/bidi.c @@ -144,6 +144,7 @@ unsigned short *bidi_l2v(const unsigned char *str, int orientation) unsigned short *heb_str; /* *broken_str */ int block_start, block_end, block_type, block_length, i; int length = utf8length(str); + length=length>=SCROLL_LINE_SIZE?SCROLL_LINE_SIZE-1:length; #endif /* long max_chars=0; @@ -152,7 +153,7 @@ unsigned short *bidi_l2v(const unsigned char *str, int orientation) tmp = str; */ target = tmp = utf16_buf; - while (*str) + while (*str && target < &utf16_buf[SCROLL_LINE_SIZE-1]) str = utf8decode(str, target++); *target = 0;