mirrors/serenity
1
0
Fork 0
mirror of https://github.com/SerenityOS/serenity.git synced 2025-01-22 09:21:57 -05:00
Code Issues Projects Releases Packages Wiki Activity

LibWeb: Fix OOB access in "text-overflow: ellipsis" clip

Browse source 
Fixes out of bound access to glyph run when `last_glyph_index` is 0.

Fixes crashing on https://github.com/LadybirdBrowser/ladybird/pulls

(cherry picked from commit fa605ef22577d92bbfc3f4a809bb1b4072bb0048)
This commit is contained in:
Aliaksandr Kalenik 2024-08-03 18:18:44 +03:00 committed by Nico Weber
parent 39b3746306
commit 81f2405c8b
2 changed files with 9 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
Tests/LibWeb/Ref/text-overflow.html
View file

@ -15,3 +15,4 @@
</style>
<div class="clip">This text gets clipped</div>
<div class="ellipsis">This text gets an ellipsis</div>
<div class="ellipsis" style="width: 0px">Invisible</div>

13
Userland/Libraries/LibWeb/Layout/InlineFormattingContext.cpp
View file

@ -351,7 +351,7 @@ void InlineFormattingContext::generate_line_boxes(LayoutMode layout_mode)
auto max_text_width = available_width - ellipsis_width;
auto& glyphs = glyph_run->glyphs();
auto last_glyph_index = 0;
size_t last_glyph_index = 0;
auto last_glyph_position = Gfx::FloatPoint();
for (auto const& glyph_or_emoji : glyphs) {
@ -370,10 +370,13 @@ void InlineFormattingContext::generate_line_boxes(LayoutMode layout_mode)
last_glyph_position = this_position;
}
auto remove_item_count = glyphs.size() - last_glyph_index;
glyphs.remove(last_glyph_index - 1, remove_item_count);
glyphs.append(Gfx::DrawGlyph(last_glyph_position, ellipsis_codepoint));
if (last_glyph_index > 1) {
auto remove_item_count = glyphs.size() - last_glyph_index;
glyphs.remove(last_glyph_index - 1, remove_item_count);
glyphs.append(Gfx::DrawGlyph {
.position = last_glyph_position,
.code_point = ellipsis_codepoint });
}
}
}
line_builder.append_text_chunk(