[text] Crash when multi-byte utf8 text exceeds max_length

Bug 1500 - [Patch] clutter_text crash with non one-byte utf8 text exceed
           max_length

In clutter_text_set_text_internal(), when text length in character is greater
than max_length, and there are multi-byte character in it, then the new text
string buffer is not malloc()'ed with right length. This will cause the app to
crash with segmention fault.

Signed-off-by: Emmanuele Bassi <ebassi@linux.intel.com>

diff --git a/clutter/clutter-text.c b/clutter/clutter-text.c
index 4d3c309..a987577 100644 (file)
--- a/clutter/clutter-text.c
+++ b/clutter/clutter-text.c
@@ -2810,7 +2810,8 @@ clutter_text_set_text_internal (ClutterText *self,
         }
       else
         {
-          gchar *n = g_malloc0 (priv->max_length + 1);
+          gchar *p = g_utf8_offset_to_pointer (text, priv->max_length);
+          gchar *n = g_malloc0 ((p - text) + 1);
 
           g_free (priv->text);