shithub: freetype+ttf2subf

ref: 495de6cc72c602a5c2c14a14b5c1da59f18e26f7
parent: d0b0e31ed775b599912bb021f762deaf39dae3f5
author: Alexei Podtelezhnikov <[email protected]>
date: Sun Mar 6 18:54:34 EST 2016

[base] Refuse to render enormous outlines (#47114).

The goal is to avoid integer overflows in the rendering algorithms.
The limit is chosen arbitrarily at some 2^18 pixels, which should be
enough for modern devices including printers.

* src/base/ftoutln.c (FT_Outline_Render): Check CBox and reject
enormous outlines.

--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,16 @@
 2016-03-06  Alexei Podtelezhnikov  <[email protected]>
 
+	[base] Refuse to render enormous outlines (#47114).
+
+	The goal is to avoid integer overflows in the rendering algorithms.
+	The limit is chosen arbitrarily at some 2^18 pixels, which should be
+	enough for modern devices including printers.
+
+	* src/base/ftoutln.c (FT_Outline_Render): Check CBox and reject
+	enormous outlines.
+
+2016-03-06  Alexei Podtelezhnikov  <[email protected]>
+
 	[smooth] Replace left shifts with multiplications (#47114).
 
 	* src/smooth/ftgrays.c (SUBPIXELS, UPSCALE, DOWNSCALE): Do it.
--- a/src/base/ftoutln.c
+++ b/src/base/ftoutln.c
@@ -618,6 +618,7 @@
     FT_Error     error;
     FT_Renderer  renderer;
     FT_ListNode  node;
+    FT_BBox      cbox;
 
 
     if ( !library )
@@ -628,6 +629,11 @@
 
     if ( !params )
       return FT_THROW( Invalid_Argument );
+
+    FT_Outline_Get_CBox( outline, &cbox );
+    if ( cbox.xMin < -0x1000000L || cbox.yMin < -0x1000000L ||
+         cbox.xMax >  0x1000000L || cbox.yMax >  0x1000000L )
+      return FT_THROW( Invalid_Outline );
 
     renderer = library->cur_renderer;
     node     = library->renderers.head;
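Review bot: The bound 0x1000000L in the new CBox test is an unexplained magic number. It is 2^24, while the commit message gives the limit as 2^18 pixels, so the factor of 64 between coordinate units and pixels is left for the reader to infer. A named constant, or a one-line comment above the test stating the limit both in pixels and in coordinate units, would make that explicit. The test also bounds each edge separately, so xMax - xMin and yMax - yMin can still reach 0x2000000; the comment should say whether the overflow margin in the renderers depends on absolute coordinates or on the extent.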