diff options
author | Nicolas Pena <npm@chromium.org> | 2017-03-10 15:46:49 -0500 |
---|---|---|
committer | Chromium commit bot <commit-bot@chromium.org> | 2017-03-10 21:32:42 +0000 |
commit | e472622d33bdca2316a22ff5ff8d77ac975c2eb2 (patch) | |
tree | c41aad4ee5094513ca5f14072a40e5a25429fbdd /core | |
parent | 6791295a4e8c99097e6d75870871e128284f8cb5 (diff) | |
download | pdfium-e472622d33bdca2316a22ff5ff8d77ac975c2eb2.tar.xz |
Bound cbox from tricky faceschromium/3040chromium/3039chromium/3038
The cbox values are long. We should make sure they are not too big before
putting them into FX_RECT, which holds integers. The bound is chosen to also
avoid overflow when multiplying by 1000.
BUG=chromium:699961
Change-Id: Ie4443848e0319348110f7215bd1c909ef19dad9f
Reviewed-on: https://pdfium-review.googlesource.com/2956
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Commit-Queue: Nicolás Peña <npm@chromium.org>
Diffstat (limited to 'core')
-rw-r--r-- | core/fpdfapi/font/cpdf_cidfont.cpp | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/core/fpdfapi/font/cpdf_cidfont.cpp b/core/fpdfapi/font/cpdf_cidfont.cpp index 6d01538f54..b0ae05c8c5 100644 --- a/core/fpdfapi/font/cpdf_cidfont.cpp +++ b/core/fpdfapi/font/cpdf_cidfont.cpp @@ -113,6 +113,10 @@ const struct CIDTransform { {8818, 0, 129, 127, 0, 19, 114}, {8819, 0, 129, 127, 0, 218, 108}, }; +// Boundary values to avoid integer overflow when multiplied by 1000. +const long kMinCBox = -2147483; +const long kMaxCBox = 2147483; + CPDF_FontGlobals* GetFontGlobals() { return CPDF_ModuleMgr::Get()->GetPageModule()->GetFontGlobals(); } @@ -440,11 +444,15 @@ FX_RECT CPDF_CIDFont::GetCharBBox(uint32_t charcode) { int err = FXFT_Load_Glyph(face, glyph_index, FXFT_LOAD_IGNORE_GLOBAL_ADVANCE_WIDTH); if (!err) { - FXFT_BBox cbox; FXFT_Glyph glyph; err = FXFT_Get_Glyph(((FXFT_Face)face)->glyph, &glyph); if (!err) { + FXFT_BBox cbox; FXFT_Glyph_Get_CBox(glyph, FXFT_GLYPH_BBOX_PIXELS, &cbox); + cbox.xMin = std::min(std::max(cbox.xMin, kMinCBox), kMaxCBox); + cbox.xMax = std::min(std::max(cbox.xMax, kMinCBox), kMaxCBox); + cbox.yMin = std::min(std::max(cbox.yMin, kMinCBox), kMaxCBox); + cbox.yMax = std::min(std::max(cbox.yMax, kMinCBox), kMaxCBox); int pixel_size_x = ((FXFT_Face)face)->size->metrics.x_ppem; int pixel_size_y = ((FXFT_Face)face)->size->metrics.y_ppem; if (pixel_size_x == 0 || pixel_size_y == 0) { |