From 6b8b86ca248cc47128ee3646d7ce17d2c0720522 Mon Sep 17 00:00:00 2001
From: Trevor Spiteri <trevor.spiteri@um.edu.mt>
Date: Tue, 15 Jan 2019 18:57:56 +0100
Subject: out-of-bounds access on clicking at end of text field

https://bugzilla.redhat.com/show_bug.cgi?id=1608371
https://bugs.launchpad.net/inkscape/+bug/1803553

Reproduce using:
1. Select text tool (F8)
2. Click on empty canvas
3. Type "abc"
4. Click somewhere else
5. Click in first text field after "c" in "abc"
---
 src/libnrtype/Layout-TNG-OutIter.cpp | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

(limited to 'src/libnrtype')

diff --git a/src/libnrtype/Layout-TNG-OutIter.cpp b/src/libnrtype/Layout-TNG-OutIter.cpp
index 74b9494a6..3dc5c3e4f 100644
--- a/src/libnrtype/Layout-TNG-OutIter.cpp
+++ b/src/libnrtype/Layout-TNG-OutIter.cpp
@@ -47,7 +47,10 @@ Layout::iterator Layout::_cursorXOnLineToIterator(unsigned line_index, double lo
             best_x_difference = this_x_difference;
         }
     }
-    if (best_char_index == -1) return iterator(this, char_index);
+    if (best_char_index == -1)
+        best_char_index = char_index;
+    if (best_char_index == _characters.size())
+        return end();
     return iterator(this, best_char_index);
 }
 
-- 
cgit v1.2.3