Horizontal padding was doing something stupid in (I think) a vague attempt at handling line gaps. That didn't really work in practice, and caused obvious OOB writes, as the fill_rect call isn't a checked one. (Fix #49, many thanks for the detailed report!).
During the investigation, I encountered an issue I'd only sporadically managed to reproduce, and that I'd previously only papered over (read: hide behind an error instead of crashing ;p), whereas some unbreakable lines passed the linebreak pass (getting a mandatory, dumb break), but failed the drawing pass: it turned out the linebreak pass was correctly only skipping applying kerning for the final character of the string (because there's nothing to kern for), but the drawing pass was instead skipping the final character of the line! My test string happened to break on a comma (so, much kerning applied!) and fit with only a pixel to spare.
Made the check slightly less scary in the process (i.e., compare to strlen's result instead of poking ahead and hoping to hit a NUL ;p).
(That usually required some large-ish font sizes and hard-to-break content to reproduce; here the string you're looking for, w/ KOReader's copy of Noto Sans Regular, at size 48, on a H2O (1080x1440, 265dpi)).
Horizontal padding was doing something stupid in (I think) a vague attempt at handling line gaps. That didn't really work in practice, and caused obvious OOB writes, as the fill_rect call isn't a checked one. (Fix #49, many thanks for the detailed report!).
During the investigation, I encountered an issue I'd only sporadically managed to reproduce, and that I'd previously only papered over (read: hide behind an error instead of crashing ;p), whereas some unbreakable lines passed the linebreak pass (getting a mandatory, dumb break), but failed the drawing pass: it turned out the linebreak pass was correctly only skipping applying kerning for the final character of the string (because there's nothing to kern for), but the drawing pass was instead skipping the final character of the line! My test string happened to break on a comma (so, much kerning applied!) and fit with only a pixel to spare. Made the check slightly less scary in the process (i.e., compare to strlen's result instead of poking ahead and hoping to hit a NUL ;p).
(That usually required some large-ish font sizes and hard-to-break content to reproduce; here the string
you're looking for,w/ KOReader's copy of Noto Sans Regular, at size 48, on a H2O (1080x1440, 265dpi)).This change is