Fix possible crash in calculateRightBearingForPreviousGlyph().

LineBreakHelper saves previousGlyph for calculating right bearing of this glyph when it is needed. But between the saving of this glyph and the calculation the fontEngine can change (if we move to the different item). So we need to save the fontEngine together with the glyph and use this saved fontEngine for the saved glyph, while still using the current fontEngine for calculating right bearing of the current glyph. [ChangeLog][QtGui][QTextLine] Fixed a possible UB in the calculation of glyph right bearing when a QTextLine layout is performed. Change-Id: I14c729a1f761a45eaba85754c0b15a27faff7458 Reviewed-by: Eskil Abrahamsen Blomfeldt <eskil.abrahamsen-blomfeldt@qt.io>
author: John Preston <johnprestonmail@gmail.com> 2016-05-02 16:01:06 +0300
committer: Tor Arne Vestbø <tor.arne.vestbo@qt.io> 2016-10-10 23:03:49 +0000
commit: 46804956cbe3cd5ddfb0528ae7d9fa35a031d6d3 (patch)
tree: 52f34798e4fe64c0934cc5f8678001a3feaf60db /src/gui/text/qtextlayout.cpp
parent: dca8678efab24417f13eb3c1544b348129472492 (diff)
1 files changed, 6 insertions, 4 deletions
diff --git a/src/gui/text/qtextlayout.cpp b/src/gui/text/qtextlayout.cpp
index f5827bb683..adaac11517 100644
--- a/src/gui/text/qtextlayout.cpp
+++ b/src/gui/text/qtextlayout.cpp
@@ -1654,6 +1654,7 @@ namespace {
         int maxGlyphs;
         int currentPosition;
         glyph_t previousGlyph;
+        QFontEngine *previousGlyphFontEngine;
 
         QFixed minw;
         QFixed softHyphenWidth;
@@ -1687,13 +1688,14 @@ namespace {
             if (currentPosition > 0 &&
                 logClusters[currentPosition - 1] < glyphs.numGlyphs) {
                 previousGlyph = currentGlyph(); // needed to calculate right bearing later
+                previousGlyphFontEngine = fontEngine;
             }
         }
 
-        inline void calculateRightBearing(glyph_t glyph)
+        inline void calculateRightBearing(QFontEngine *engine, glyph_t glyph)
         {
             qreal rb;
-            fontEngine->getGlyphBearings(glyph, 0, &rb);
+            engine->getGlyphBearings(glyph, 0, &rb);
 
             // We only care about negative right bearings, so we limit the range
             // of the bearing here so that we can assume it's negative in the rest
@@ -1706,13 +1708,13 @@ namespace {
         {
             if (currentPosition <= 0)
                 return;
-            calculateRightBearing(currentGlyph());
+            calculateRightBearing(fontEngine, currentGlyph());
         }
 
         inline void calculateRightBearingForPreviousGlyph()
         {
             if (previousGlyph > 0)
-                calculateRightBearing(previousGlyph);
+                calculateRightBearing(previousGlyphFontEngine, previousGlyph);
         }
 
         static const QFixed RightBearingNotCalculated;
author	John Preston <johnprestonmail@gmail.com>	2016-05-02 16:01:06 +0300
committer	Tor Arne Vestbø <tor.arne.vestbo@qt.io>	2016-10-10 23:03:49 +0000
commit	46804956cbe3cd5ddfb0528ae7d9fa35a031d6d3 (patch)
tree	52f34798e4fe64c0934cc5f8678001a3feaf60db /src/gui/text/qtextlayout.cpp
parent	dca8678efab24417f13eb3c1544b348129472492 (diff)