Fix rare integer overflow in text shaping

With extreme painter scaling, linearAdvance may be too large to fit in an unsigned short. Fixes: QTBUG-91758 Pick-to: 6.1 5.15 Change-Id: I7bbe6e77ec9bcef4aa5259da1d3000ed1a8eb27a Reviewed-by: Eskil Abrahamsen Blomfeldt <eskil.abrahamsen-blomfeldt@qt.io>
author: Paul Olav Tvete <paul.tvete@qt.io> 2021-05-05 11:32:51 +0200
committer: Paul Olav Tvete <paul.tvete@qt.io> 2021-05-05 17:14:12 +0200
commit: e2bdff3555f8c2a275c7bbcf964d939a5f489100 (patch)
tree: 13837c83c7f54af2e7646a6a5a7399efee32bb66
parent: 31defb833925c944f1b4ff7ad035461166449b11 (diff)
1 files changed, 2 insertions, 1 deletions
diff --git a/src/gui/text/freetype/qfontengine_ft.cpp b/src/gui/text/freetype/qfontengine_ft.cpp
index 280498f98d..ae1e139251 100644
--- a/src/gui/text/freetype/qfontengine_ft.cpp
+++ b/src/gui/text/freetype/qfontengine_ft.cpp
@@ -1051,7 +1051,8 @@ QFontEngineFT::Glyph *QFontEngineFT::loadGlyph(QGlyphSet *set, uint glyph,
         info.height = TRUNC(top - bottom);
 
         // If any of the metrics are too large to fit, don't cache them
-        if (areMetricsTooLarge(info))
+        // Also, avoid integer overflow when linearAdvance is to large to fit in a signed short
+        if (areMetricsTooLarge(info) || info.linearAdvance > 0x7FFF)
             return nullptr;
 
         g = new Glyph;
author	Paul Olav Tvete <paul.tvete@qt.io>	2021-05-05 11:32:51 +0200
committer	Paul Olav Tvete <paul.tvete@qt.io>	2021-05-05 17:14:12 +0200
commit	e2bdff3555f8c2a275c7bbcf964d939a5f489100 (patch)
tree	13837c83c7f54af2e7646a6a5a7399efee32bb66
parent	31defb833925c944f1b4ff7ad035461166449b11 (diff)