Fix possible crash due to integer overflow

QFontEngineMulti::stringToCMap() stores the fallback engine index
in a glyph index'es high byte, which means the maximum fallback engine index
it can store is 255, so limit the number of tries we're doing to this value.
Otherwise we could end up with `fontEngineMulti->engine(glyph >> 24) == 0`
after successful stringToCMap() call.

Task-number: QTBUG-30412

Change-Id: I06907a39186fd207f3ce4b732a1a54e615744082
Reviewed-by: Lars Knoll <lars.knoll@digia.com>
This commit is contained in:
Konstantin Ritt 2013-08-15 09:13:55 +03:00 committed by The Qt Project
parent 751989df5c
commit a15b56b0c1

View File

@ -1444,7 +1444,7 @@ bool QFontEngineMulti::stringToCMap(const QChar *str, int len,
tmpAdvance.x = glyphs->advances_x[glyph_pos]; tmpAdvance.x = glyphs->advances_x[glyph_pos];
tmpAdvance.y = glyphs->advances_y[glyph_pos]; tmpAdvance.y = glyphs->advances_y[glyph_pos];
} }
for (int x=1; x < engines.size(); ++x) { for (int x = 1, n = qMin(engines.size(), 256); x < n; ++x) {
if (engines.at(x) == 0 && !shouldLoadFontEngineForCharacter(x, ucs4)) if (engines.at(x) == 0 && !shouldLoadFontEngineForCharacter(x, ucs4))
continue; continue;