Fix possible crash due to integer overflow
QFontEngineMulti::stringToCMap() stores the fallback engine index in a glyph index'es high byte, which means the maximum fallback engine index it can store is 255, so limit the number of tries we're doing to this value. Otherwise we could end up with `fontEngineMulti->engine(glyph >> 24) == 0` after successful stringToCMap() call. Task-number: QTBUG-30412 Change-Id: I06907a39186fd207f3ce4b732a1a54e615744082 Reviewed-by: Lars Knoll <lars.knoll@digia.com>
This commit is contained in:
parent
751989df5c
commit
a15b56b0c1
@ -1444,7 +1444,7 @@ bool QFontEngineMulti::stringToCMap(const QChar *str, int len,
|
|||||||
tmpAdvance.x = glyphs->advances_x[glyph_pos];
|
tmpAdvance.x = glyphs->advances_x[glyph_pos];
|
||||||
tmpAdvance.y = glyphs->advances_y[glyph_pos];
|
tmpAdvance.y = glyphs->advances_y[glyph_pos];
|
||||||
}
|
}
|
||||||
for (int x=1; x < engines.size(); ++x) {
|
for (int x = 1, n = qMin(engines.size(), 256); x < n; ++x) {
|
||||||
if (engines.at(x) == 0 && !shouldLoadFontEngineForCharacter(x, ucs4))
|
if (engines.at(x) == 0 && !shouldLoadFontEngineForCharacter(x, ucs4))
|
||||||
continue;
|
continue;
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user