Fix possible crash in calculateRightBearingForPreviousGlyph().

LineBreakHelper saves previousGlyph so that the right bearing of this
glyph can be calculated when it is needed. But between saving the glyph
and the calculation, the fontEngine can change (if we move to a
different item). So we need to save the fontEngine together with the
glyph and use this saved fontEngine for the saved glyph, while still
using the current fontEngine for calculating the right bearing of the
current glyph.

[ChangeLog][QtGui][QTextLine] Fixed a possible UB in the calculation
of glyph right bearing when a QTextLine layout is performed.

Change-Id: I14c729a1f761a45eaba85754c0b15a27faff7458
Reviewed-by: Eskil Abrahamsen Blomfeldt <eskil.abrahamsen-blomfeldt@qt.io>
John Preston 2016-05-02 16:01:06 +03:00 committed by Tor Arne Vestbø
parent dca8678efa
commit 46804956cb


@ -1654,6 +1654,7 @@ namespace {
int maxGlyphs;
int currentPosition;
glyph_t previousGlyph;
QFontEngine *previousGlyphFontEngine;
QFixed minw;
QFixed softHyphenWidth;
@ -1687,13 +1688,14 @@ namespace {
if (currentPosition > 0 &&
logClusters[currentPosition - 1] < glyphs.numGlyphs) {
previousGlyph = currentGlyph(); // needed to calculate right bearing later
previousGlyphFontEngine = fontEngine;
}
}
inline void calculateRightBearing(glyph_t glyph)
inline void calculateRightBearing(QFontEngine *engine, glyph_t glyph)
{
qreal rb;
fontEngine->getGlyphBearings(glyph, 0, &rb);
engine->getGlyphBearings(glyph, 0, &rb);
// We only care about negative right bearings, so we limit the range
// of the bearing here so that we can assume it's negative in the rest
@ -1706,13 +1708,13 @@ namespace {
{
if (currentPosition <= 0)
return;
calculateRightBearing(currentGlyph());
calculateRightBearing(fontEngine, currentGlyph());
}
inline void calculateRightBearingForPreviousGlyph()
{
if (previousGlyph > 0)
calculateRightBearing(previousGlyph);
calculateRightBearing(previousGlyphFontEngine, previousGlyph);
}
static const QFixed RightBearingNotCalculated;
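Review bot: In calculateRightBearingForPreviousGlyph() the guard still tests only `previousGlyph > 0`, but the value now dereferenced is the raw pointer `previousGlyphFontEngine`. None of the visible hunks initialise that new member; it is assigned only inside the `currentPosition > 0 && ...` branch of the second hunk. If any code outside these hunks sets or resets previousGlyph without also setting the engine, calculateRightBearing() would call getGlyphBearings() through an indeterminate or stale pointer, which is the same class of crash this commit is fixing. I would tie the two together with `if (previousGlyph > 0 && previousGlyphFontEngine)` (or `Q_ASSERT(previousGlyphFontEngine);` before the call) and set `previousGlyphFontEngine = nullptr` wherever previousGlyph is reset to 0. A comment on the member such as `// non-owning; engine that produced previousGlyph, must stay valid until the bearing is computed` would document the lifetime assumption.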