Fix bounds checking in FlAccessibleTextField#188137
Merged
robert-ancell merged 1 commit intoJun 18, 2026
Merged
Conversation
Add bounds validation to get_substring and get_string_at_offset to prevent out-of-bounds memory access when ATK clients pass offsets beyond the text length. - get_substring: clamp start and end to [0, length] and ensure start <= end before calling g_utf8_substring. - get_string_at_offset: clamp start and end to [0, n_attrs-1] before accessing the PangoLogAttr array. Add tests for offset-beyond-end, empty text, and offset-at-end boundary conditions.
f3b0d5e to
9575ddf
Compare
Contributor
There was a problem hiding this comment.
Code Review
This pull request introduces bounds checking to FlAccessibleTextField in the Linux platform shell. Specifically, it clamps the start and end offsets in get_substring and get_string_at_offset to prevent out-of-bounds access. Additionally, comprehensive unit tests are added to verify correct behavior under various edge cases, such as empty text and offsets beyond the text length. I have no feedback to provide.
This was referenced Jun 18, 2026
auto-submit Bot
pushed a commit
to flutter/packages
that referenced
this pull request
Jun 18, 2026
flutter/flutter@b10d0f1...15963bc 2026-06-18 engine-flutter-autoroll@skia.org Roll Skia from 6e84902d56c3 to 1ae2466c9ea5 (4 revisions) (flutter/flutter#188172) 2026-06-18 engine-flutter-autoroll@skia.org Roll Packages from 6ce00a8 to 4fd05e6 (3 revisions) (flutter/flutter#188171) 2026-06-18 robert.ancell@canonical.com [Linux] Fix vertical offset in composite_layer (flutter/flutter#188145) 2026-06-18 robert.ancell@canonical.com [Linux] Fix incorrect GL datatypes for uniform locations (flutter/flutter#188143) 2026-06-18 engine-flutter-autoroll@skia.org Roll Dart SDK from e05c69222ea4 to 5883736e7670 (2 revisions) (flutter/flutter#188168) 2026-06-18 engine-flutter-autoroll@skia.org Roll Skia from 046277850e8d to 6e84902d56c3 (5 revisions) (flutter/flutter#188165) 2026-06-18 engine-flutter-autoroll@skia.org Roll Fuchsia Linux SDK from or21OEdGtairm6nl9... to 1E2qOlNnC2Ucn-1oV... (flutter/flutter#188162) 2026-06-18 engine-flutter-autoroll@skia.org Roll Skia from 8dd207d443d3 to 046277850e8d (1 revision) (flutter/flutter#188153) 2026-06-18 31859944+LongCatIsLooong@users.noreply.github.com Add entitlements.txt entries for new dart sdk binaries (flutter/flutter#188133) 2026-06-18 engine-flutter-autoroll@skia.org Roll Dart SDK from b670723c5f07 to e05c69222ea4 (1 revision) (flutter/flutter#188146) 2026-06-18 robert.ancell@canonical.com Fix bounds checking in FlAccessibleTextField (flutter/flutter#188137) 2026-06-18 engine-flutter-autoroll@skia.org Roll Skia from f5a2921fe23e to 8dd207d443d3 (2 revisions) (flutter/flutter#188141) 2026-06-18 30870216+gaaclarke@users.noreply.github.com Adds tests for disabling macos impeller (flutter/flutter#188132) 2026-06-17 jlemanski1@gmail.com Improve Flutter Web accessibility: update flt meta viewport tag to align with WCAG 2 guidelines (flutter/flutter#182047) 2026-06-17 engine-flutter-autoroll@skia.org Roll Dart SDK from e39bde5b1bfc to b670723c5f07 (2 revisions) (flutter/flutter#188130) 2026-06-17 engine-flutter-autoroll@skia.org Roll Skia from 066bfbac7282 to f5a2921fe23e (1 revision) (flutter/flutter#188128) 2026-06-17 matt.boetger@gmail.com Support --trace-systrace in release builds on Android (flutter/flutter#186359) 2026-06-17 matt.boetger@gmail.com Isolate compiled dill caches by TargetModel (flutter/flutter#187253) 2026-06-17 98614782+auto-submit[bot]@users.noreply.github.com Reverts "refactor(web): Unify Image on Skwasm and CanvasKit (#187873)" (flutter/flutter#188124) 2026-06-17 matt.kosarek@canonical.com Use a mock EGL manager in windows unittests to avoid flaky rendering calls (flutter/flutter#188078) 2026-06-17 matt.boetger@gmail.com [Android] Remove support for unused manifest flags (flutter/flutter#186021) 2026-06-17 30870216+gaaclarke@users.noreply.github.com Adds windows project switch for enabling impeller (flutter/flutter#188044) 2026-06-17 15619084+vashworth@users.noreply.github.com Skip prefetch SwiftPM dependencies if the project hasn't been migrated to SwiftPM yet (flutter/flutter#187206) 2026-06-17 nshahan@google.com [flutter_tools] Bump dwds to 27.1.2 (flutter/flutter#187951) 2026-06-17 30870216+gaaclarke@users.noreply.github.com Adds external texture devicelab test for windows impeller (flutter/flutter#187886) 2026-06-17 engine-flutter-autoroll@skia.org Roll Skia from 5d19002eb73e to 066bfbac7282 (2 revisions) (flutter/flutter#188118) 2026-06-17 34871572+gmackall@users.noreply.github.com Add note about magnifier issue when using transparent HCPP pv (flutter/flutter#187753) 2026-06-17 30870216+gaaclarke@users.noreply.github.com [linux]: fixes crash when resizing windows (flutter/flutter#187626) 2026-06-17 56400880+adilburaksen@users.noreply.github.com [flutter_tools] Enforce that package-declared asset paths stay within the package (flutter/flutter#187661) 2026-06-17 jason-simmons@users.noreply.github.com Remove canvaskit_cipd_instance from DEPS (flutter/flutter#188073) If this roll has caused a breakage, revert this CL and stop the roller using the controls here: https://autoroll.skia.org/r/flutter-packages Please CC bmparr@google.com,stuartmorgan@google.com on the revert to ensure that a human is aware of the problem. To file a bug in Packages: https://github.com/flutter/flutter/issues/new/choose To report a problem with the AutoRoller itself, please file a bug: https://issues.skia.org/issues/new?component=1389291&template=1850622 Documentation for the AutoRoller is here: https://skia.googlesource.com/buildbot/+doc/main/autoroll/README.md
LouiseHsu
pushed a commit
to LouiseHsu/flutter
that referenced
this pull request
Jun 18, 2026
Add bounds validation to get_substring and get_string_at_offset to prevent out-of-bounds memory access when ATK clients pass offsets beyond the text length. - get_substring: clamp start and end to [0, length] and ensure start <= end before calling g_utf8_substring. - get_string_at_offset: clamp start and end to [0, n_attrs-1] before accessing the PangoLogAttr array. Add tests for offset-beyond-end, empty text, and offset-at-end boundary conditions.
loic-sharma
pushed a commit
to flutteractionsbot/flutter
that referenced
this pull request
Jun 23, 2026
Add bounds validation to get_substring and get_string_at_offset to prevent out-of-bounds memory access when ATK clients pass offsets beyond the text length. - get_substring: clamp start and end to [0, length] and ensure start <= end before calling g_utf8_substring. - get_string_at_offset: clamp start and end to [0, n_attrs-1] before accessing the PangoLogAttr array. Add tests for offset-beyond-end, empty text, and offset-at-end boundary conditions.
via-guy
pushed a commit
to via-guy/flutter
that referenced
this pull request
Jun 26, 2026
Add bounds validation to get_substring and get_string_at_offset to prevent out-of-bounds memory access when ATK clients pass offsets beyond the text length. - get_substring: clamp start and end to [0, length] and ensure start <= end before calling g_utf8_substring. - get_string_at_offset: clamp start and end to [0, n_attrs-1] before accessing the PangoLogAttr array. Add tests for offset-beyond-end, empty text, and offset-at-end boundary conditions.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Add bounds validation to get_substring and get_string_at_offset to prevent out-of-bounds memory access when ATK clients pass offsets beyond the text length.
Add tests for offset-beyond-end, empty text, and offset-at-end boundary conditions.