diff options
author | Choe Hwanjin <choe.hwanjin@gmail.com> | 2018-08-15 22:16:40 +0900 |
---|---|---|
committer | Choe Hwanjin <choe.hwanjin@gmail.com> | 2018-08-17 23:10:21 +0900 |
commit | 9c2ce96c1f127aeb80277d22706fa1e45b91376b (patch) | |
tree | b734f3c0ae12c64ae536f277fc520093109276c5 | |
parent | c816bcf6b5debc6f268e5bd6822ca1c95e06446b (diff) | |
download | ibus-hangul-9c2ce96c1f127aeb80277d22706fa1e45b91376b.tar.gz |
Fix interger overflow on h_ibus_text_get_substring()
The second argument 'cursor_pos - 64' may overflow, where cursor_pos is
unsigned. So the value of 'cursor_pos' will be to large.
Casting to signed integer may solve this problem.
And 64 hardcoded value is too large, 32 may be enough.
-rw-r--r-- | src/engine.c | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/src/engine.c b/src/engine.c index a72a38f..5f291fc 100644 --- a/src/engine.c +++ b/src/engine.c @@ -763,6 +763,7 @@ ibus_hangul_engine_lookup_hanja_table (const char* key, int method) break; } + g_debug("lookup hanja table: %s", key); return list; } @@ -802,7 +803,7 @@ ibus_hangul_engine_update_hanja_list (IBusHangulEngine *hangul) &cursor_pos, &anchor_pos); substr = h_ibus_text_get_substring (ibus_text, - cursor_pos - 64, cursor_pos); + (glong)cursor_pos - 32, cursor_pos); if (substr != NULL) { hanja_key = g_strconcat (substr, preedit_utf8, NULL); @@ -822,7 +823,7 @@ ibus_hangul_engine_update_hanja_list (IBusHangulEngine *hangul) lookup_method = LOOKUP_METHOD_EXACT; } else { hanja_key = h_ibus_text_get_substring (ibus_text, - cursor_pos - 64, cursor_pos); + (glong)cursor_pos - 32, cursor_pos); lookup_method = LOOKUP_METHOD_SUFFIX; } } |