From 039e282a40c4f1a0f0d58fd0d46d713ffb8ea36b Mon Sep 17 00:00:00 2001
From: Raymond Liu <raymond.liu@intel.com>
Date: Wed, 11 Mar 2009 14:35:26 +0800
Subject: [PATCH] [text] Crash when multi-byte utf8 text exceeds max_length

Bug 1500 - [Patch] clutter_text crash with non one-byte utf8 text exceed
           max_length

In clutter_text_set_text_internal(), when text length in character is greater
than max_length, and there are multi-byte character in it, then the new text
string buffer is not malloc()'ed with right length. This will cause the app to
crash with segmention fault.

Signed-off-by: Emmanuele Bassi <ebassi@linux.intel.com>
---
 clutter/clutter-text.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/clutter/clutter-text.c b/clutter/clutter-text.c
index 4d3c309..a987577 100644
--- a/clutter/clutter-text.c
+++ b/clutter/clutter-text.c
@@ -2810,7 +2810,8 @@ clutter_text_set_text_internal (ClutterText *self,
         }
       else
         {
-          gchar *n = g_malloc0 (priv->max_length + 1);
+          gchar *p = g_utf8_offset_to_pointer (text, priv->max_length);
+          gchar *n = g_malloc0 ((p - text) + 1);
 
           g_free (priv->text);
 
-- 
2.7.4