author | Eskil Abrahamsen Blomfeldt <eskil.abrahamsen-blomfeldt@digia.com> | 2014-05-12 09:09:24 +0200 |
---|---|---|
committer | The Qt Project <gerrit-noreply@qt-project.org> | 2014-05-14 09:13:38 +0200 |
commit | d16508a285a5423ae9a5034e969801bce74ffb98 (patch) | |
tree | 7e2f468c0528325864ec98b8f03fdb5dfb97dd15 | |
parent | 4f83102df0389ee9ae4bb974bb2e48723f52dbea (diff) |
Fix crash when loading invalid font data in QRawFont
When passing invalid data to QRawFont, we need to fail gracefully
and mark the font as invalid, instead of crashing. This crashed
because of different missing sanity checks in the Windows
and FontConfig font databases.
[ChangeLog][Text] Fixed crash when trying to load a font from
invalid data.
Task-number: QTBUG-37190
Change-Id: I62c81217ec7d873350b575c9d4ae8e6f0a939540
Reviewed-by: Michael Bruning <michael.bruning@digia.com>
Reviewed-by: Konstantin Ritt <ritt.ks@gmail.com>
3 files changed, 17 insertions, 0 deletions
diff --git a/src/platformsupport/fontdatabases/fontconfig/qfontconfigdatabase.cpp b/src/platformsupport/fontdatabases/fontconfig/qfontconfigdatabase.cpp
index 17717dd53c..b8da9726d5 100644
--- a/src/platformsupport/fontdatabases/fontconfig/qfontconfigdatabase.cpp
+++ b/src/platformsupport/fontdatabases/fontconfig/qfontconfigdatabase.cpp
@@ -660,6 +660,9 @@ QFontEngine *QFontconfigDatabase::fontEngine(const QFontDef &f, void *usrPtr)
 QFontEngine *QFontconfigDatabase::fontEngine(const QByteArray &fontData, qreal pixelSize, QFont::HintingPreference hintingPreference)
 {
 QFontEngineFT *engine = static_cast<QFontEngineFT*>(QBasicFontDatabase::fontEngine(fontData, pixelSize, hintingPreference));
+ if (engine == 0)
+ return 0;
+
 QFontDef fontDef = engine->fontDef;
 QFontEngineFT::GlyphFormat format;
diff --git a/src/plugins/platforms/windows/qwindowsfontdatabase.cpp b/src/plugins/platforms/windows/qwindowsfontdatabase.cpp
index 940d75614c..6d9f01da4e 100644
--- a/src/plugins/platforms/windows/qwindowsfontdatabase.cpp
+++ b/src/plugins/platforms/windows/qwindowsfontdatabase.cpp
@@ -165,6 +165,9 @@ namespace {
 Q_ASSERT(tagName.size() == 4);
 quint32 tagId = *(reinterpret_cast<const quint32 *>(tagName.constData()));
+ if (m_fontData.size() < sizeof(OffsetSubTable) + sizeof(TableDirectory))
+ return 0;
+
 OffsetSubTable *offsetSubTable = reinterpret_cast<OffsetSubTable *>(m_fontData.data());
 TableDirectory *tableDirectory = reinterpret_cast<TableDirectory *>(offsetSubTable + 1);
diff --git a/tests/auto/gui/text/qrawfont/tst_qrawfont.cpp b/tests/auto/gui/text/qrawfont/tst_qrawfont.cpp
index ae6e450301..20bfaf99dd 100644
--- a/tests/auto/gui/text/qrawfont/tst_qrawfont.cpp
+++ b/tests/auto/gui/text/qrawfont/tst_qrawfont.cpp
@@ -99,6 +99,8 @@ private slots:
 void rawFontSetPixelSize();
 void multipleRawFontsFromData();
+
+ void rawFontFromInvalidData();
 private:
 QString testFont;
 QString testFontBoldItalic;
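Review bot: The added `if (engine == 0) return 0;` guard in `QFontconfigDatabase::fontEngine(const QByteArray &, ...)` has no comment saying when the base call yields a null engine, so the reason for the early return is only recorded in the commit message. A one-line comment above it, such as `// The base implementation returns 0 for font data it cannot load; propagate that instead of dereferencing`, would keep the contract next to the code. The function body continues past the end of the hunk, so any later use of `engine` is not visible here.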
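Review bot: The new size check in the Windows font database only proves that the offset sub-table and the first `TableDirectory` entry lie inside `m_fontData`; it says nothing about later directory entries or about any offset or length stored in an entry, all of which come from the untrusted font data. If the code after the hunk walks the directory using a table count read from the font header (not visible here), that count should be bounded against `m_fontData.size()` before the walk, and an entry's offset and length checked before they are used. At minimum, add a comment above the check such as `// Only the header and the first directory entry are known to be in bounds here`. The enclosing function starts and ends outside the hunk.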
@@ -939,6 +941,15 @@ void tst_QRawFont::multipleRawFontsFromData()
 || testFont.style() != (testFontBoldItalic.style()));
 }
+void tst_QRawFont::rawFontFromInvalidData()
+{
+ QByteArray invalidData("foobar");
+ QRawFont font;
+ font.loadFromData(invalidData, 10, QFont::PreferDefaultHinting);
+
+ QVERIFY(!font.isValid());
+}
+
 #endif // QT_NO_RAWFONT
 QTEST_MAIN(tst_QRawFont) |
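Review bot: The only input `rawFontFromInvalidData()` exercises is the six-byte `"foobar"`, which is shorter than any font header and is therefore rejected by the earliest length check; data that is long enough to pass that check but carries an inconsistent table directory is not covered. Consider a second case with a larger malformed buffer, for example `QByteArray padded(1024, '\0');` (constructed sample) or a truncated copy of the file named by `testFont`, followed by the same `loadFromData` call and `QVERIFY(!font.isValid());`. Running this test under a memory checker would also surface out-of-bounds reads that do not happen to crash.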