lvrend: fix possible buffer overflow

koreader · Jan 31, 2025 · a5e7eae · a5e7eae
1 parent 3e1ee18
commit a5e7eae
Showing 1 changed file with 4 additions and 3 deletions.
diff --git a/crengine/src/lvrend.cpp b/crengine/src/lvrend.cpp
@@ -12273,9 +12273,8 @@ void getRenderedWidths(ldomNode * node, int &maxWidth, int &minWidth, int direct
             printf("GRW text: |%s|\n", UnicodeToLocal(text).c_str());
             printf("GRW text:  (dumb text size=%d)\n", font->getTextWidth(txt, len));
         #endif
-        #define MAX_TEXT_CHUNK_SIZE 4096
-        static lUInt16 widths[MAX_TEXT_CHUNK_SIZE+1];
-        static lUInt8 flags[MAX_TEXT_CHUNK_SIZE+1];
+        lUInt16 *widths = new lUInt16[len];
+        lUInt8 *flags = new lUInt8[len];
 
         // todo: use fribidi and split measurement at fribidi level change,
         // and beware left/right side bearing adjustments...
@@ -12527,6 +12526,8 @@ void getRenderedWidths(ldomNode * node, int &maxWidth, int &minWidth, int direct
             len -= chars_measured;
             start += chars_measured;
         }
+        delete [] widths;
+        delete [] flags;
     }
     #ifdef DEBUG_GETRENDEREDWIDTHS
         printf("GRW current: max=%d word=%d (max=%d, min=%d)\n", curMaxWidth, curWordWidth, maxWidth, minWidth);