Fix crash when loading invalid font data in QRawFont

When passing invalid data to QRawFont, we need to fail gracefully and mark the font as invalid, instead of crashing. This crashed because of different missing sanity checks in the Windows and FontConfig font databases. [ChangeLog][Text] Fixed crash when trying to load a font from invalid data. Task-number: QTBUG-37190 Change-Id: I62c81217ec7d873350b575c9d4ae8e6f0a939540 Reviewed-by: Michael Bruning <michael.bruning@digia.com> Reviewed-by: Konstantin Ritt <ritt.ks@gmail.com>
2014-05-12 09:09:24 +02:00 · 2014-05-12 09:09:24 +02:00 · d16508a285
commit d16508a285
parent 4f83102df0
3 changed files with 17 additions and 0 deletions
--- a/src/platformsupport/fontdatabases/fontconfig/qfontconfigdatabase.cpp
+++ b/src/platformsupport/fontdatabases/fontconfig/qfontconfigdatabase.cpp
@ -660,6 +660,9 @@ QFontEngine *QFontconfigDatabase::fontEngine(const QFontDef &f, void *usrPtr)
 QFontEngine *QFontconfigDatabase::fontEngine(const QByteArray &fontData, qreal pixelSize, QFont::HintingPreference hintingPreference)
 {
    QFontEngineFT *engine = static_cast<QFontEngineFT*>(QBasicFontDatabase::fontEngine(fontData, pixelSize, hintingPreference));
+    if (engine == 0)
+        return 0;
+
    QFontDef fontDef = engine->fontDef;

    QFontEngineFT::GlyphFormat format;
--- a/src/plugins/platforms/windows/qwindowsfontdatabase.cpp
+++ b/src/plugins/platforms/windows/qwindowsfontdatabase.cpp
@ -165,6 +165,9 @@ namespace {
        Q_ASSERT(tagName.size() == 4);
        quint32 tagId = *(reinterpret_cast<const quint32 *>(tagName.constData()));

+        if (m_fontData.size() < sizeof(OffsetSubTable) + sizeof(TableDirectory))
+            return 0;
+
        OffsetSubTable *offsetSubTable = reinterpret_cast<OffsetSubTable *>(m_fontData.data());
        TableDirectory *tableDirectory = reinterpret_cast<TableDirectory *>(offsetSubTable + 1);

--- a/tests/auto/gui/text/qrawfont/tst_qrawfont.cpp
+++ b/tests/auto/gui/text/qrawfont/tst_qrawfont.cpp
@ -99,6 +99,8 @@ private slots:
    void rawFontSetPixelSize();

    void multipleRawFontsFromData();
+
+    void rawFontFromInvalidData();
 private:
    QString testFont;
    QString testFontBoldItalic;
@ -939,6 +941,15 @@ void tst_QRawFont::multipleRawFontsFromData()
            || testFont.style() != (testFontBoldItalic.style()));
 }

+void tst_QRawFont::rawFontFromInvalidData()
+{
+    QByteArray invalidData("foobar");
+    QRawFont font;
+    font.loadFromData(invalidData, 10, QFont::PreferDefaultHinting);
+
+    QVERIFY(!font.isValid());
+}
+
 #endif // QT_NO_RAWFONT

 QTEST_MAIN(tst_QRawFont)