From 6ede60d84eaa41f12233e940759c6a6114cfc338 Mon Sep 17 00:00:00 2001 From: Elias Naur Date: Sun, 24 Apr 2022 10:50:10 +0200 Subject: [PATCH] app: [Android] avoid out-of-bounds access in getCursorCapsMode Fixes: https://todo.sr.ht/~eliasnaur/gio/404 Signed-off-by: Elias Naur --- app/GioView.java | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/app/GioView.java b/app/GioView.java index 9a61d0f2..80dd0d13 100644 --- a/app/GioView.java +++ b/app/GioView.java @@ -555,7 +555,11 @@ public final class GioView extends SurfaceView implements Choreographer.FrameCal @Override public int getCursorCapsMode(int reqModes) { Snippet snip = getSnippet(); int selStart = imeSelectionStart(nhandle); - return TextUtils.getCapsMode(snip.snippet, imeToUTF16(nhandle, selStart - snip.offset), reqModes); + int off = imeToUTF16(nhandle, selStart - snip.offset); + if (off < 0 || off > snip.snippet.length()) { + return 0; + } + return TextUtils.getCapsMode(snip.snippet, off, reqModes); } @Override public ExtractedText getExtractedText(ExtractedTextRequest request, int flags) {