[base] Refuse to render enormous outlines (#47114).

The goal is to avoid integer overflows in the rendering algorithms. The limit is chosen arbitrarily at some 2^18 pixels, which should be enough for modern devices including printers. * src/base/ftoutln.c (FT_Outline_Render): Check CBox and reject enormous outlines.
9 years ago · 495de6cc72
parent d0b0e31ed7
commit 495de6cc72
2 changed files with 17 additions and 0 deletions
--- a/11
+++ b/11
@ -1,3 +1,14 @@
+2016-03-06  Alexei Podtelezhnikov  <apodtele@gmail.com>
+
+	[base] Refuse to render enormous outlines (#47114).
+
+	The goal is to avoid integer overflows in the rendering algorithms.
+	The limit is chosen arbitrarily at some 2^18 pixels, which should be
+	enough for modern devices including printers.
+
+	* src/base/ftoutln.c (FT_Outline_Render): Check CBox and reject
+	enormous outlines.
+
 2016-03-06  Alexei Podtelezhnikov  <apodtele@gmail.com>

 	[smooth] Replace left shifts with multiplications (#47114).
--- a/src/base/ftoutln.c
+++ b/src/base/ftoutln.c
@ -618,6 +618,7 @@
    FT_Error     error;
    FT_Renderer  renderer;
    FT_ListNode  node;
+    FT_BBox      cbox;


    if ( !library )
@ -629,6 +630,11 @@
    if ( !params )
      return FT_THROW( Invalid_Argument );

+    FT_Outline_Get_CBox( outline, &cbox );
+    if ( cbox.xMin < -0x1000000L || cbox.yMin < -0x1000000L ||
+         cbox.xMax >  0x1000000L || cbox.yMax >  0x1000000L )
+      return FT_THROW( Invalid_Outline );
+
    renderer = library->cur_renderer;
    node     = library->renderers.head;