Trying to download 3gp file crashes appserver

[pulkomandy]

This is haiku hrev37652 and Web+ hrev535.

Downloading this file : ​http://homepage.ntlworld.com/hoyle.peter/video/elevated.3gp crashes app_server in DrawState::Transform().

[Coldfirex]

Can confirm under hrev39551 gcc2hybrid under virtualbox 3.2.10. kdl attached.

[stimut]

In ServerWindow::_DispatchViewDrawingMessage(), in the case for AS_DRAW_STRING_WITH_OFFSETS, on line 2785, the string length rather than the number of UTF8 glyphs is used. This would often be OK except when printing funky characters like in the linked .3gp file above. Since some of the characters will be multibyte, the string length will be longer than the number of glyhs, which means we call ConvertToScreenForDrawing with values beyond the end of the locations array, causing the access violation and the crash.

It is only a simple one line fix, which I have attached.

[stippi]

Absolutely correct findings. Thanks a bunch! You could check if the same mistake is done for the ServerPicture code path (should be in ServerWindow also), both code paths have yet to be refactored so no code is duplicated. I would appreciate if someone could apply this patch, otherwise I may get to it tonight.

[stimut]

No worries.

I've had a look at the ServerPicture code path but it doesn't seem to have the same problem since it doesn't have to deal with the AS_DRAW_STRINGS_WITH_OFFSETS case and so doesn't seem to care if the string contains multi-byte characters or not.

[stimut]

Just a friendly reminder that this patch hasn't been committed yet...

[stippi]

Thanks korli! The problem is that I would usually apply such patches when I am in Linux or Haiku, but at the moment, I am working in Windows all the time, mostly since Eclipse and everything else is a bit more zippy than in Linux, and I don't have a convenient way to quickly apply some patches from Windows when I read my mail. And then I forget about this stuff... sorry stimut!

[korli]

Tested OK. Applied in hrev40310.