core/fxge/ge/cfx_facecache.cpp - Issue 2294183002: Attempt to fix potential integer overflow in CFX_FaceCache::LoadGlyphPath().

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: core/fxge/ge/cfx_facecache.cpp

Issue 2294183002: Attempt to fix potential integer overflow in CFX_FaceCache::LoadGlyphPath(). (Closed)

Patch Set: consistent casting Created 4 years, 4 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: core/fxge/ge/cfx_facecache.cpp

diff --git a/core/fxge/ge/cfx_facecache.cpp b/core/fxge/ge/cfx_facecache.cpp

index c35830fbdefc821ba79d185a11256984829a0b26..1ec770ec33c4038bef8e3b45b88ff11ba7eefed9 100644

--- a/core/fxge/ge/cfx_facecache.cpp

+++ b/core/fxge/ge/cfx_facecache.cpp

@@ -22,6 +22,8 @@

namespace {

+constexpr uint32_t kInvalidGlyphIndex = static_cast<uint32_t>(-1);

void GammaAdjust(uint8_t* pData,

int nHeight,

int src_pitch,

@@ -225,14 +227,22 @@ CFX_GlyphBitmap* CFX_FaceCache::RenderGlyph(CFX_Font* pFont,

const CFX_PathData* CFX_FaceCache::LoadGlyphPath(CFX_Font* pFont,

uint32_t glyph_index,

int dest_width) {

- if (!m_Face || glyph_index == (uint32_t)-1)

+ if (!m_Face || glyph_index == kInvalidGlyphIndex || dest_width < 0)

return nullptr;

uint32_t key = glyph_index;

- if (pFont->GetSubstFont()) {

- key += (((pFont->GetSubstFont()->m_Weight / 16) << 15) +

- ((pFont->GetSubstFont()->m_ItalicAngle / 2) << 21) +

- ((dest_width / 16) << 25) + (pFont->IsVertical() << 31));

+ auto* pSubstFont = pFont->GetSubstFont();

+ if (pSubstFont) {

+ if (pSubstFont->m_Weight < 0 || pSubstFont->m_ItalicAngle < 0)

+ return nullptr;

+ uint32_t weight = static_cast<uint32_t>(pSubstFont->m_Weight);

+ uint32_t angle = static_cast<uint32_t>(pSubstFont->m_ItalicAngle);

+ uint32_t key_modifier = (weight / 16) << 15;

+ key_modifier += (angle / 2) << 21;

+ key_modifier += (static_cast<uint32_t>(dest_width) / 16) << 25;

+ if (pFont->IsVertical())

+ key_modifier += 1U << 31;

+ key += key_modifier;

}

auto it = m_PathMap.find(key);

if (it != m_PathMap.end())

@@ -250,8 +260,9 @@ const CFX_GlyphBitmap* CFX_FaceCache::LoadGlyphBitmap(CFX_Font* pFont,

int dest_width,

int anti_alias,

int& text_flags) {

- if (glyph_index == (uint32_t)-1)

+ if (glyph_index == kInvalidGlyphIndex)

return nullptr;

_CFX_UniqueKeyGen keygen;

int nMatrixA = static_cast<int>(pMatrix->a * 10000);

int nMatrixB = static_cast<int>(pMatrix->b * 10000);

« no previous file with comments | « no previous file | no next file » | no next file with comments »