tsm: unicode: fix accessing symbol-array out of bounds

The array type used to be from glib which did that check automatically. We
now have to check explicitely that we do not access it out-of-bounds.

This fixes a nasty resizing-bug of TSM.

Signed-off-by: David Herrmann <dh.herrmann@googlemail.com>

diff --git a/src/tsm_unicode.c b/src/tsm_unicode.c
index 54bacfc..7b54cea 100644 (file)
--- a/src/tsm_unicode.c
+++ b/src/tsm_unicode.c
@@ -224,7 +224,7 @@ tsm_symbol_t tsm_symbol_make(uint32_t ucs4)
 const uint32_t *tsm_symbol_get(struct tsm_symbol_table *tbl,
                               tsm_symbol_t *sym, size_t *size)
 {
-       uint32_t *ucs4;
+       uint32_t *ucs4, idx;
        int ret;
 
        if (*sym <= TSM_UCS4_MAX) {
@@ -246,8 +246,12 @@ const uint32_t *tsm_symbol_get(struct tsm_symbol_table *tbl,
                tsm_symbol_table_default = tbl;
        }
 
-       ucs4 = *SHL_ARRAY_AT(tbl->index, uint32_t*,
-                            *sym - (TSM_UCS4_MAX + 1));
+       idx = *sym - (TSM_UCS4_MAX + 1);
+       if (idx >= shl_array_get_length(tbl->index))
+               ucs4 = NULL;
+       else
+               ucs4 = *SHL_ARRAY_AT(tbl->index, uint32_t*, idx);
+
        if (!ucs4) {
                if (size)
                        *size = 1;