Hello Aric,
On Tue, Feb 5, 2013 at 11:25 PM, Alexandre Julliard <julli...@winehq.org> wrote:
> Module: wine
> Branch: master
> Commit: ef4b7c5948e43d4ceeed98ba4ddbf6c222259d36
> URL:
> http://source.winehq.org/git/wine.git/?a=commit;h=ef4b7c5948e43d4ceeed98ba4ddbf6c222259d36
>
> Author: Aric Stewart <a...@codeweavers.com>
> Date: Tue Feb 5 08:57:44 2013 -0600
>
> usp10: Update diacritical script handling for non OpenType Itemization.
(snip)
> + for (j = i-1; j >= 0 && scripts[j] == first_script &&
> pwcInChars[j] != Numeric_space; j--)
> + {
> + WORD original = scripts[j];
> + if (original == Script_Ideograph || original ==
> Script_Kana || original == Script_Yi || original == Script_CJK_Han ||
> original == Script_Bopomofo)
> + {
> + asian = TRUE;
> + break;
> + }
> + if (original != Script_MathAlpha &&
> scriptInformation[scripts[j]].props.fComplex)
> + break;
> + scripts[j] = scripts[i];
> + if (original == Script_Punctuation2)
> + break;
> + }
> + if (scriptInformation[scripts[j]].props.fComplex ||
> asian)
> + scripts[i] = scripts[j];
I am not sure about the logic of this, so I can't commit a good patch,
but in the last statement you definitely access scripts[-1] when j
reaches the value of 0. Which may cause a crash here or (in my case)
later.
-- Ph.
