Skip to content

T
Third Party Harfbuzz

OpenHarmony / Third Party Harfbuzz
11 个月 前同步成功

通知 0
Star 18
Fork 0
T
Third Party Harfbuzz

体验新版 GitCode,发现更多精彩内容 >>

提交 3c69bd46 编写于 作者: B Behdad Esfahbod
浏览文件
操作

[HB] Avoid int overflow in GPOS 

Bug 592036 - integer overflow bug causes misrendering of Nepali characters
上级 b2b18ef4
隐藏空白更改
内联 并排
Showing with 13 addition and 10 deletion
src/hb-ot-layout-gpos-private.hh
浏览文件 @ 3c69bd46
...@@ -102,13 +102,13 @@ struct ValueRecord { ...@@ -102,13 +102,13 @@ struct ValueRecord {
y_scale = context->font->y_scale; y_scale = context->font->y_scale;
/* design units -> fractional pixel */ /* design units -> fractional pixel */
if (format & xPlacement) if (format & xPlacement)
glyph_pos->x_pos += x_scale * *(SHORT*)values++ / 0x10000; glyph_pos->x_pos += _hb_16dot16_mul_trunc (x_scale, *(SHORT*)values++);
if (format & yPlacement) if (format & yPlacement)
glyph_pos->y_pos += y_scale * *(SHORT*)values++ / 0x10000; glyph_pos->y_pos += _hb_16dot16_mul_trunc (y_scale, *(SHORT*)values++);
if (format & xAdvance) if (format & xAdvance)
glyph_pos->x_advance += x_scale * *(SHORT*)values++ / 0x10000; glyph_pos->x_advance += _hb_16dot16_mul_trunc (x_scale, *(SHORT*)values++);
if (format & yAdvance) if (format & yAdvance)
glyph_pos->y_advance += y_scale * *(SHORT*)values++ / 0x10000; glyph_pos->y_advance += _hb_16dot16_mul_trunc (y_scale, *(SHORT*)values++);
x_ppem = context->font->x_ppem; x_ppem = context->font->x_ppem;
y_ppem = context->font->y_ppem; y_ppem = context->font->y_ppem;
...@@ -150,8 +150,8 @@ struct AnchorFormat1 ...@@ -150,8 +150,8 @@ struct AnchorFormat1
inline void get_anchor (hb_ot_layout_context_t *context, hb_codepoint_t glyph_id, inline void get_anchor (hb_ot_layout_context_t *context, hb_codepoint_t glyph_id,
hb_position_t *x, hb_position_t *y) const hb_position_t *x, hb_position_t *y) const
{ {
*x = context->font->x_scale * xCoordinate / 0x10000; *x = _hb_16dot16_mul_trunc (context->font->x_scale, xCoordinate);
*y = context->font->y_scale * yCoordinate / 0x10000; *y = _hb_16dot16_mul_trunc (context->font->y_scale, yCoordinate);
} }
inline bool sanitize (SANITIZE_ARG_DEF) { inline bool sanitize (SANITIZE_ARG_DEF) {
...@@ -175,8 +175,8 @@ struct AnchorFormat2 ...@@ -175,8 +175,8 @@ struct AnchorFormat2
hb_position_t *x, hb_position_t *y) const hb_position_t *x, hb_position_t *y) const
{ {
/* TODO Contour */ /* TODO Contour */
*x = context->font->x_scale * xCoordinate / 0x10000; *x = _hb_16dot16_mul_trunc (context->font->x_scale, xCoordinate);
*y = context->font->y_scale * yCoordinate / 0x10000; *y = _hb_16dot16_mul_trunc (context->font->y_scale, yCoordinate);
} }
inline bool sanitize (SANITIZE_ARG_DEF) { inline bool sanitize (SANITIZE_ARG_DEF) {
...@@ -200,8 +200,8 @@ struct AnchorFormat3 ...@@ -200,8 +200,8 @@ struct AnchorFormat3
inline void get_anchor (hb_ot_layout_context_t *context, hb_codepoint_t glyph_id, inline void get_anchor (hb_ot_layout_context_t *context, hb_codepoint_t glyph_id,
hb_position_t *x, hb_position_t *y) const hb_position_t *x, hb_position_t *y) const
{ {
*x = context->font->x_scale * xCoordinate / 0x10000; *x = _hb_16dot16_mul_trunc (context->font->x_scale, xCoordinate);
*y = context->font->y_scale * yCoordinate / 0x10000; *y = _hb_16dot16_mul_trunc (context->font->y_scale, yCoordinate);
if (context->font->x_ppem) if (context->font->x_ppem)
*x += (this+xDeviceTable).get_delta (context->font->x_ppem) << 6; *x += (this+xDeviceTable).get_delta (context->font->x_ppem) << 6;
......
src/hb-private.h
浏览文件 @ 3c69bd46
...@@ -201,6 +201,9 @@ _hb_popcount32 (uint32_t mask) ...@@ -201,6 +201,9 @@ _hb_popcount32 (uint32_t mask)
} }
/* Multiplies a 16dot16 value by another value, then truncates the result */
#define _hb_16dot16_mul_trunc(A,B) ((int64_t) (A) * (B) / 0x10000)
#include "hb-object-private.h" #include "hb-object-private.h"
#endif /* HB_PRIVATE_H */ #endif /* HB_PRIVATE_H */
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册