Gracefully reject requests for absurd font sizes

Avoid overflows. Fixes: QTBUG-89899 Change-Id: Ic1a83c1704fe20be3d032358dc91ee8e751f2281 Reviewed-by: Eskil Abrahamsen Blomfeldt <eskil.abrahamsen-blomfeldt@qt.io> (cherry picked from commit 679750684087cad7a48921c4174a53cdf4855049) Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
author: Eirik Aavitsland <eirik.aavitsland@qt.io> 2021-01-21 09:55:00 +0100
committer: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org> 2021-01-22 07:27:14 +0000
commit: 1a07e7899261c044a5325ca21dd20c9c7be3e6ef (patch)
tree: cbbdb504321b5f93b76a2f82dd00370b6a1b0387 /src/gui/text
parent: 5463f2558682f8c52e0777e445de0792d58b889a (diff)
1 files changed, 6 insertions, 0 deletions
diff --git a/src/gui/text/qfontdatabase.cpp b/src/gui/text/qfontdatabase.cpp
index 13cde04ff4..cf2573c984 100644
--- a/src/gui/text/qfontdatabase.cpp
+++ b/src/gui/text/qfontdatabase.cpp
@@ -2386,6 +2386,12 @@ QFontEngine *QFontDatabasePrivate::findFont(const QFontDef &request, int script)
         return engine;
     }
 
+    if (request.pixelSize > 0xffff) {
+        // Stop absurd requests reaching the engines; pixel size is assumed to fit ushort
+        qCDebug(lcFontMatch, "Rejecting request for pixel size %g2, returning box engine", double(request.pixelSize));
+        return new QFontEngineBox(32); // not request.pixelSize, to avoid overflow/DOS
+    }
+
     QString family_name, foundry_name;
     const QString requestFamily = request.families.size() > 0 ? request.families.at(0) : request.family;
     parseFontName(requestFamily, foundry_name, family_name);
author	Eirik Aavitsland <eirik.aavitsland@qt.io>	2021-01-21 09:55:00 +0100
committer	Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>	2021-01-22 07:27:14 +0000
commit	1a07e7899261c044a5325ca21dd20c9c7be3e6ef (patch)
tree	cbbdb504321b5f93b76a2f82dd00370b6a1b0387 /src/gui/text
parent	5463f2558682f8c52e0777e445de0792d58b889a (diff)