From 7df4dcff2cafcd9b57eb7a4812be871d956f0ec8 Mon Sep 17 00:00:00 2001
From: Allan Sandfeld Jensen <allan.jensen@qt.io>
Date: Fri, 3 Nov 2017 14:40:46 +0100
Subject: Fix memory corruption on scaled emojis

Bitmap glyphs are returned prescaled, which means we should include
the transform in their bounding box.

Additionally painting them should stick the smallest rect to avoid
writing outside the allocated area, and assert in debug builds.

Task-number: QTBUG-64239
Change-Id: I5f877d36566891323f528018f910798344ba4ce2
Reviewed-by: Konstantin Ritt <ritt.ks@gmail.com>
Reviewed-by: Eskil Abrahamsen Blomfeldt <eskil.abrahamsen-blomfeldt@qt.io>
---
 src/gui/painting/qtextureglyphcache.cpp | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'src/gui/painting')

diff --git a/src/gui/painting/qtextureglyphcache.cpp b/src/gui/painting/qtextureglyphcache.cpp
index 86a53c21a3..2a7e0eaa0c 100644
--- a/src/gui/painting/qtextureglyphcache.cpp
+++ b/src/gui/painting/qtextureglyphcache.cpp
@@ -318,11 +318,12 @@ void QImageTextureGlyphCache::fillTexture(const Coord &c, glyph_t g, QFixed subP
         return;
     }
 #endif
+    Q_ASSERT(mask.width() <= c.w && mask.height() <= c.h);
 
     if (m_format == QFontEngine::Format_A32
         || m_format == QFontEngine::Format_ARGB) {
         QImage ref(m_image.bits() + (c.x * 4 + c.y * m_image.bytesPerLine()),
-                   qMax(mask.width(), c.w), qMax(mask.height(), c.h), m_image.bytesPerLine(),
+                   qMin(mask.width(), c.w), qMin(mask.height(), c.h), m_image.bytesPerLine(),
                    m_image.format());
         QPainter p(&ref);
         p.setCompositionMode(QPainter::CompositionMode_Source);
-- 
cgit v1.2.3