1berry/qtbase
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix rare integer overflow in text shaping

Browse Source 
With extreme painter scaling, linearAdvance may be too large to fit in
an unsigned short.

Fixes: QTBUG-91758
Change-Id: I7bbe6e77ec9bcef4aa5259da1d3000ed1a8eb27a
Reviewed-by: Eskil Abrahamsen Blomfeldt <eskil.abrahamsen-blomfeldt@qt.io>
(cherry picked from commit e2bdff3555f8c2a275c7bbcf964d939a5f489100)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
This commit is contained in:
Paul Olav Tvete 2021-05-05 11:32:51 +02:00 committed by Qt Cherry-pick Bot
parent 29dea7f317
commit b721079032
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
src/gui/text/freetype/qfontengine_ft.cpp
View File

@ -1051,7 +1051,8 @@ QFontEngineFT::Glyph *QFontEngineFT::loadGlyph(QGlyphSet *set, uint glyph,
info.height = TRUNC(top - bottom);
// If any of the metrics are too large to fit, don't cache them
if (areMetricsTooLarge(info))
// Also, avoid integer overflow when linearAdvance is to large to fit in a signed short
if (areMetricsTooLarge(info) || info.linearAdvance > 0x7FFF)
return nullptr;
g = new Glyph;