From f4f48950788b91c6a30029cc28a240b834713ea7 Mon Sep 17 00:00:00 2001 From: Grigori Goronzy Date: Tue, 4 Oct 2016 21:25:41 +0200 Subject: [PATCH] Fix line wrapping mode 0/3 bugs This fixes two separate bugs: a) Don't move a linebreak into the first symbol. This results in an empty line at the front, which does not help to equalize line lengths at all. Instead, merge line with the second one. b) When moving a linebreak into a symbol that already is a break, the number of lines must be decremented. Otherwise, uninitialized memory is possibly used for later layout operations. Found by fuzzer test case id:000085,sig:11,src:003377+003350,op:splice,rep:8. This might also affect and hopefully fix libass#229. v2: change semantics according to review --- libass/ass_render.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/libass/ass_render.c b/libass/ass_render.c index 8790408..1d3c0c5 100644 --- a/libass/ass_render.c +++ b/libass/ass_render.c @@ -1608,7 +1608,10 @@ wrap_lines_smart(ASS_Renderer *render_priv, double max_text_width) (w->bbox.xMin + w->pos.x)); if (DIFF(l1_new, l2_new) < DIFF(l1, l2)) { - w->linebreak = 1; + if (w->linebreak || w == text_info->glyphs) + text_info->n_lines--; + if (w != text_info->glyphs) + w->linebreak = 1; s2->linebreak = 0; exit = 0; } -- 2.40.0
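Review bot: In the `if (DIFF(l1_new, l2_new) < DIFF(l1, l2))` branch, `w->linebreak = 1` still runs when `w->linebreak` is already nonzero, so whatever nonzero value `w` carried is overwritten with 1. If the field distinguishes kinds of break, guard the assignment with `if (w != text_info->glyphs && !w->linebreak)` so an existing break is kept as it was. The `text_info->n_lines--` also has no comment and no lower-bound check. A short comment saying that clearing `s2->linebreak` removes a line in both cases (a break already present at `w`, or `w` being the first glyph) would state the invariant between `n_lines` and the linebreak flags, and an assertion that `n_lines` does not drop below 1 would catch a miscount before the later layout operations the commit message mentions. The fuzzer case named in the commit message would be worth adding as a regression test.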