vcl/source/gdi/impglyphitem.cxx |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

New commits:
commit e095af113f72e53b984c2862e9ff0e9bf1da3e4a
Author:     Michael Meeks <michael.me...@collabora.com>
AuthorDate: Sat Jun 8 14:38:34 2024 +0100
Commit:     Andras Timar <andras.ti...@collabora.com>
CommitDate: Mon Jun 10 17:01:53 2024 +0200

    Avoid potential negative array index access to cached text.
    
        if ((nIndex != 0 || nLen != text.getLength()) && !skipGlyphSubsets)
            seems unlikely to protect us from this:
    
            /opt/rh/devtoolset-12/root/usr/include/c++/12/string_view:239: 
constexpr const std::basic_string_view<_CharT, _Traits>::value_type& 
std::basic_string_view<_CharT, _Traits>::operator[](size_type) const [with 
_CharT = char16_t; _Traits = std::char_traits<char16_t>; const_reference = 
const char16_t&; size_type = long unsigned int]: Assertion '__pos < 
this->_M_len' failed.
    
            coolwsd[16958] ... SIG   Fatal signal received: SIGABRT code: 
18446744073709551610 for address: 0x7300004e16
    
            SalLayoutGlyphsCache::GetLayoutGlyphs(VclPtr<OutputDevice const>, 
rtl::OUString const&, int, int, long, vcl::text::TextLayoutCache const*)
                    
/home/collabora/jenkins/workspace/build_core_co-24.04_for_online_snapshot/vcl/source/gdi/impglyphitem.cxx:399
            GetTextArray(OutputDevice const&, rtl::OUString const&, KernArray&, 
int, int, bool, vcl::text::TextLayoutCache const*)
                    
/home/collabora/jenkins/workspace/build_core_co-24.04_for_online_snapshot/include/rtl/ref.hxx:128
            SwFntObj::GetTextSize(SwDrawTextInfo&)
                    
/home/collabora/jenkins/workspace/build_core_co-24.04_for_online_snapshot/sw/source/core/txtnode/fntcache.cxx:766
            SwSubFont::GetTextSize_(SwDrawTextInfo&)
                    
/home/collabora/jenkins/workspace/build_core_co-24.04_for_online_snapshot/sw/source/core/txtnode/swfont.cxx:1022
            SwTextSizeInfo::GetTextSize() const
                    
/home/collabora/jenkins/workspace/build_core_co-24.04_for_online_snapshot/sw/source/core/inc/swfont.hxx:314
    
            blind fix - but seeing a lot of these.
    
    Change-Id: Icb6ca25e4b8c6ef8a5e5b89dfa01b56bb788378d
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/168575
    Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoff...@gmail.com>
    Tested-by: Caolán McNamara <caolan.mcnam...@collabora.com>
    Reviewed-by: Caolán McNamara <caolan.mcnam...@collabora.com>

diff --git a/vcl/source/gdi/impglyphitem.cxx b/vcl/source/gdi/impglyphitem.cxx
index ca8016a1925d..e50948077f45 100644
--- a/vcl/source/gdi/impglyphitem.cxx
+++ b/vcl/source/gdi/impglyphitem.cxx
@@ -379,7 +379,7 @@ SalLayoutGlyphsCache::GetLayoutGlyphs(VclPtr<const 
OutputDevice> outputDevice, c
             if (mLastSubstringKey.has_value() && !bAbortOnFontSubstitute)
             {
                 sal_Int32 pos = nIndex;
-                if (mLastSubstringKey->len < pos && text[pos - 1] == nbSpace)
+                if (mLastSubstringKey->len < pos && pos > 0 && text[pos - 1] 
== nbSpace)
                     --pos; // Writer skips a non-breaking space, so skip that 
character too.
                 if ((mLastSubstringKey->len == pos || mLastSubstringKey->index 
== nIndex)
                     && mLastSubstringKey
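Review bot: The added `pos > 0` term bounds `text[pos - 1]` only from below, so an `nIndex` larger than the text length would still trip the same `__pos < this->_M_len` assertion, and nothing visible in this hunk rules that out. Unless `mLastSubstringKey->len` can be negative (its type is not shown here), `mLastSubstringKey->len < pos` already implies `pos > 0`, so the new term may not change behaviour for the reported abort. I would bound both sides, e.g. `if (mLastSubstringKey->len < pos && pos > 0 && pos <= text.getLength() && text[pos - 1] == nbSpace)`. A short comment such as `// nIndex comes from the caller and is not validated here` would also help. In builds without libstdc++ assertions this access would be a silent out-of-range read rather than an abort, so confirming the failing index before relying on a blind fix is worthwhile. The enclosing function starts and ends outside the hunk.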
