From bb16ceac6871a9096547f5170ff174e87a605437 Mon Sep 17 00:00:00 2001 From: Andy Shaw Date: Mon, 5 Jan 2015 14:26:03 +0100 Subject: [PATCH] Prevent buffer overrun when getting the glyph images The change 35bc3dc45aacaf36a8bdfccc7627136cc2e5b185 moved some padding out of QTextureGlyphCache into the font engines directly, however this was not done for the DirectWrite font engine so it caused a buffer overrun. Task-number: QTBUG-41782 Change-Id: I4e643159036f06c5edd8a742dc6694d517a47826 Reviewed-by: Eskil Abrahamsen Blomfeldt --- .../windows/qwindowsfontenginedirectwrite.cpp | 17 +++++++++++++++-- .../windows/qwindowsfontenginedirectwrite.h | 1 + .../auto/gui/painting/qpainter/tst_qpainter.cpp | 17 ++++++++++++++++- 3 files changed, 32 insertions(+), 3 deletions(-) diff --git a/src/plugins/platforms/windows/qwindowsfontenginedirectwrite.cpp b/src/plugins/platforms/windows/qwindowsfontenginedirectwrite.cpp index 648f68bb19..ed512f78ca 100644 --- a/src/plugins/platforms/windows/qwindowsfontenginedirectwrite.cpp +++ b/src/plugins/platforms/windows/qwindowsfontenginedirectwrite.cpp @@ -515,8 +515,9 @@ QImage QWindowsFontEngineDirectWrite::imageForGlyph(glyph_t t, const QTransform &xform) { glyph_metrics_t metrics = QFontEngine::boundingBox(t, xform); - int width = (metrics.width + margin * 2 + 4).ceil().toInt() ; - int height = (metrics.height + margin * 2 + 4).ceil().toInt(); + // This needs to be kept in sync with alphaMapBoundingBox + int width = (metrics.width + margin * 2).ceil().toInt() ; + int height = (metrics.height + margin * 2).ceil().toInt(); UINT16 glyphIndex = t; FLOAT glyphAdvance = metrics.xoff.toReal(); @@ -699,6 +700,18 @@ QString QWindowsFontEngineDirectWrite::fontNameSubstitute(const QString &familyN return QSettings(QLatin1String(keyC), QSettings::NativeFormat).value(familyName, familyName).toString(); } +glyph_metrics_t QWindowsFontEngineDirectWrite::alphaMapBoundingBox(glyph_t glyph, QFixed pos, const QTransform &matrix, GlyphFormat format) +{ + Q_UNUSED(pos); + int margin = 0; + if (format == QFontEngine::Format_A32 || format == QFontEngine::Format_ARGB) + margin = glyphMargin(QFontEngine::Format_A32); + glyph_metrics_t gm = QFontEngine::boundingBox(glyph, matrix); + gm.width += margin * 2; + gm.height += margin * 2; + return gm; +} + QT_END_NAMESPACE #endif // QT_NO_DIRECTWRITE diff --git a/src/plugins/platforms/windows/qwindowsfontenginedirectwrite.h b/src/plugins/platforms/windows/qwindowsfontenginedirectwrite.h index 2addb90de3..e0466c138d 100644 --- a/src/plugins/platforms/windows/qwindowsfontenginedirectwrite.h +++ b/src/plugins/platforms/windows/qwindowsfontenginedirectwrite.h @@ -75,6 +75,7 @@ public: glyph_metrics_t boundingBox(const QGlyphLayout &glyphs); glyph_metrics_t boundingBox(glyph_t g); + glyph_metrics_t alphaMapBoundingBox(glyph_t glyph, QFixed, const QTransform &matrix, GlyphFormat); QFixed ascent() const; QFixed descent() const; diff --git a/tests/auto/gui/painting/qpainter/tst_qpainter.cpp b/tests/auto/gui/painting/qpainter/tst_qpainter.cpp index c5755dcdad..41ceebb646 100644 --- a/tests/auto/gui/painting/qpainter/tst_qpainter.cpp +++ b/tests/auto/gui/painting/qpainter/tst_qpainter.cpp @@ -289,7 +289,7 @@ private slots: void blendARGBonRGB(); void RasterOp_NotDestination(); - + void drawTextNoHinting(); private: void fillData(); void setPenColor(QPainter& p); @@ -4812,6 +4812,21 @@ void tst_QPainter::RasterOp_NotDestination() QCOMPARE(pixel, 0xff00ffff); } +void tst_QPainter::drawTextNoHinting() +{ + { + QImage image(250, 250, QImage::Format_RGB32); + QPainter p(&image); + QFont font("Arial", 8); + font.setHintingPreference(QFont::PreferNoHinting); + font.setStyleStrategy(QFont::PreferAntialias); + p.setFont(font); + p.drawText(image.rect(), "ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz"); + } + // Testing for a crash when DirectWrite is used on Windows + QVERIFY(true); +} + QTEST_MAIN(tst_QPainter) #include "tst_qpainter.moc"