Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(133)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: core/fxge/ge/cfx_facecache.cpp

Issue 2294183002: Attempt to fix potential integer overflow in CFX_FaceCache::LoadGlyphPath(). (Closed)
Patch Set: consistent casting Created 4 years, 3 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « no previous file | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2016 PDFium Authors. All rights reserved. 1 // Copyright 2016 PDFium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 // Original code copyright 2014 Foxit Software Inc. http://www.foxitsoftware.com 5 // Original code copyright 2014 Foxit Software Inc. http://www.foxitsoftware.com
6 6
7 #include "core/fxge/include/cfx_facecache.h" 7 #include "core/fxge/include/cfx_facecache.h"
8 8
9 #include <algorithm> 9 #include <algorithm>
10 10
11 #include "core/fxge/ge/fx_text_int.h" 11 #include "core/fxge/ge/fx_text_int.h"
12 #include "core/fxge/include/cfx_fontmgr.h" 12 #include "core/fxge/include/cfx_fontmgr.h"
13 #include "core/fxge/include/cfx_gemodule.h" 13 #include "core/fxge/include/cfx_gemodule.h"
14 #include "core/fxge/include/cfx_pathdata.h" 14 #include "core/fxge/include/cfx_pathdata.h"
15 #include "core/fxge/include/cfx_substfont.h" 15 #include "core/fxge/include/cfx_substfont.h"
16 #include "core/fxge/include/fx_freetype.h" 16 #include "core/fxge/include/fx_freetype.h"
17 17
18 #ifdef _SKIA_SUPPORT_ 18 #ifdef _SKIA_SUPPORT_
19 #include "third_party/skia/include/core/SkStream.h" 19 #include "third_party/skia/include/core/SkStream.h"
20 #include "third_party/skia/include/core/SkTypeface.h" 20 #include "third_party/skia/include/core/SkTypeface.h"
21 #endif 21 #endif
22 22
23 namespace { 23 namespace {
24 24
25 constexpr uint32_t kInvalidGlyphIndex = static_cast<uint32_t>(-1);
26
25 void GammaAdjust(uint8_t* pData, 27 void GammaAdjust(uint8_t* pData,
26 int nHeight, 28 int nHeight,
27 int src_pitch, 29 int src_pitch,
28 const uint8_t* gammaTable) { 30 const uint8_t* gammaTable) {
29 int count = nHeight * src_pitch; 31 int count = nHeight * src_pitch;
30 for (int i = 0; i < count; i++) 32 for (int i = 0; i < count; i++)
31 pData[i] = gammaTable[pData[i]]; 33 pData[i] = gammaTable[pData[i]];
32 } 34 }
33 35
34 void ContrastAdjust(uint8_t* pDataIn, 36 void ContrastAdjust(uint8_t* pDataIn,
(...skipping 183 matching lines...) Expand 10 before | Expand all | Expand 10 after
218 GammaAdjust(pDestBuf, bmheight, dest_pitch, 220 GammaAdjust(pDestBuf, bmheight, dest_pitch,
219 CFX_GEModule::Get()->GetTextGammaTable()); 221 CFX_GEModule::Get()->GetTextGammaTable());
220 } 222 }
221 } 223 }
222 return pGlyphBitmap; 224 return pGlyphBitmap;
223 } 225 }
224 226
225 const CFX_PathData* CFX_FaceCache::LoadGlyphPath(CFX_Font* pFont, 227 const CFX_PathData* CFX_FaceCache::LoadGlyphPath(CFX_Font* pFont,
226 uint32_t glyph_index, 228 uint32_t glyph_index,
227 int dest_width) { 229 int dest_width) {
228 if (!m_Face || glyph_index == (uint32_t)-1) 230 if (!m_Face || glyph_index == kInvalidGlyphIndex || dest_width < 0)
229 return nullptr; 231 return nullptr;
230 232
231 uint32_t key = glyph_index; 233 uint32_t key = glyph_index;
232 if (pFont->GetSubstFont()) { 234 auto* pSubstFont = pFont->GetSubstFont();
233 key += (((pFont->GetSubstFont()->m_Weight / 16) << 15) + 235 if (pSubstFont) {
234 ((pFont->GetSubstFont()->m_ItalicAngle / 2) << 21) + 236 if (pSubstFont->m_Weight < 0 || pSubstFont->m_ItalicAngle < 0)
235 ((dest_width / 16) << 25) + (pFont->IsVertical() << 31)); 237 return nullptr;
238 uint32_t weight = static_cast<uint32_t>(pSubstFont->m_Weight);
239 uint32_t angle = static_cast<uint32_t>(pSubstFont->m_ItalicAngle);
240 uint32_t key_modifier = (weight / 16) << 15;
241 key_modifier += (angle / 2) << 21;
242 key_modifier += (static_cast<uint32_t>(dest_width) / 16) << 25;
243 if (pFont->IsVertical())
244 key_modifier += 1U << 31;
245 key += key_modifier;
236 } 246 }
237 auto it = m_PathMap.find(key); 247 auto it = m_PathMap.find(key);
238 if (it != m_PathMap.end()) 248 if (it != m_PathMap.end())
239 return it->second.get(); 249 return it->second.get();
240 250
241 CFX_PathData* pGlyphPath = pFont->LoadGlyphPath(glyph_index, dest_width); 251 CFX_PathData* pGlyphPath = pFont->LoadGlyphPath(glyph_index, dest_width);
242 m_PathMap[key] = std::unique_ptr<CFX_PathData>(pGlyphPath); 252 m_PathMap[key] = std::unique_ptr<CFX_PathData>(pGlyphPath);
243 return pGlyphPath; 253 return pGlyphPath;
244 } 254 }
245 255
246 const CFX_GlyphBitmap* CFX_FaceCache::LoadGlyphBitmap(CFX_Font* pFont, 256 const CFX_GlyphBitmap* CFX_FaceCache::LoadGlyphBitmap(CFX_Font* pFont,
247 uint32_t glyph_index, 257 uint32_t glyph_index,
248 FX_BOOL bFontStyle, 258 FX_BOOL bFontStyle,
249 const CFX_Matrix* pMatrix, 259 const CFX_Matrix* pMatrix,
250 int dest_width, 260 int dest_width,
251 int anti_alias, 261 int anti_alias,
252 int& text_flags) { 262 int& text_flags) {
253 if (glyph_index == (uint32_t)-1) 263 if (glyph_index == kInvalidGlyphIndex)
254 return nullptr; 264 return nullptr;
265
255 _CFX_UniqueKeyGen keygen; 266 _CFX_UniqueKeyGen keygen;
256 int nMatrixA = static_cast<int>(pMatrix->a * 10000); 267 int nMatrixA = static_cast<int>(pMatrix->a * 10000);
257 int nMatrixB = static_cast<int>(pMatrix->b * 10000); 268 int nMatrixB = static_cast<int>(pMatrix->b * 10000);
258 int nMatrixC = static_cast<int>(pMatrix->c * 10000); 269 int nMatrixC = static_cast<int>(pMatrix->c * 10000);
259 int nMatrixD = static_cast<int>(pMatrix->d * 10000); 270 int nMatrixD = static_cast<int>(pMatrix->d * 10000);
260 #if _FXM_PLATFORM_ != _FXM_PLATFORM_APPLE_ 271 #if _FXM_PLATFORM_ != _FXM_PLATFORM_APPLE_
261 if (pFont->GetSubstFont()) { 272 if (pFont->GetSubstFont()) {
262 keygen.Generate(9, nMatrixA, nMatrixB, nMatrixC, nMatrixD, dest_width, 273 keygen.Generate(9, nMatrixA, nMatrixB, nMatrixC, nMatrixD, dest_width,
263 anti_alias, pFont->GetSubstFont()->m_Weight, 274 anti_alias, pFont->GetSubstFont()->m_Weight,
264 pFont->GetSubstFont()->m_ItalicAngle, pFont->IsVertical()); 275 pFont->GetSubstFont()->m_ItalicAngle, pFont->IsVertical());
(...skipping 110 matching lines...) Expand 10 before | Expand all | Expand 10 after
375 return it2->second; 386 return it2->second;
376 387
377 CFX_GlyphBitmap* pGlyphBitmap = RenderGlyph(pFont, glyph_index, bFontStyle, 388 CFX_GlyphBitmap* pGlyphBitmap = RenderGlyph(pFont, glyph_index, bFontStyle,
378 pMatrix, dest_width, anti_alias); 389 pMatrix, dest_width, anti_alias);
379 if (!pGlyphBitmap) 390 if (!pGlyphBitmap)
380 return nullptr; 391 return nullptr;
381 392
382 pSizeCache->m_GlyphMap[glyph_index] = pGlyphBitmap; 393 pSizeCache->m_GlyphMap[glyph_index] = pGlyphBitmap;
383 return pGlyphBitmap; 394 return pGlyphBitmap;
384 } 395 }
OLDNEW
« no previous file with comments | « no previous file | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698