1berry/qtbase
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

QFontEngine: Escape values too large for QFixed

Browse Source 
Change-Id: I9d21d784ca13f31f4237c1517016a69cf5df4ca4
Reviewed-by: Eskil Abrahamsen Blomfeldt <eskil.abrahamsen-blomfeldt@qt.io>
This commit is contained in:
Robert Löhning 2024-10-25 15:45:51 +02:00
parent b3e5b134ee
commit 073fae097c
1 changed files with 9 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
src/gui/text/qfontengine.cpp
View File

@ -396,6 +396,10 @@ bool QFontEngine::processHheaTable() const
return false;
QFixed unitsPerEm = emSquareSize();
// Bail out if values are too large for QFixed
const auto limitForQFixed = std::numeric_limits<int>::max() / (fontDef.pixelSize * 64);
if (ascent > limitForQFixed || descent > limitForQFixed || leading > limitForQFixed)
return false;
m_ascent = QFixed::fromReal(ascent * fontDef.pixelSize) / unitsPerEm;
m_descent = -QFixed::fromReal(descent * fontDef.pixelSize) / unitsPerEm;
@ -453,6 +457,11 @@ bool QFontEngine::processOS2Table() const
// Some fonts may have invalid OS/2 data. We detect this and bail out.
if (typoAscent == 0 && typoDescent == 0)
return false;
// Bail out if values are too large for QFixed
const auto limitForQFixed = std::numeric_limits<int>::max() / (fontDef.pixelSize * 64);
if (typoAscent > limitForQFixed || typoDescent > limitForQFixed
|| typoLineGap > limitForQFixed)
return false;
m_ascent = QFixed::fromReal(typoAscent * fontDef.pixelSize) / unitsPerEm;
m_descent = -QFixed::fromReal(typoDescent * fontDef.pixelSize) / unitsPerEm;
m_leading = QFixed::fromReal(typoLineGap * fontDef.pixelSize) / unitsPerEm;