organicmaps/harfbuzz
13
Fork 0
mirror of https://github.com/harfbuzz/harfbuzz.git synced 2025-04-10 23:31:41 +00:00
Code Issues 1 Projects Releases Wiki Activity Actions

[ft-colr] Protect against out-of-bounds color indices

Browse source
This commit is contained in:
Behdad Esfahbod 2025-03-06 17:38:50 -07:00
parent 8685653cc7
commit bf55e33287
1 changed files with 11 additions and 9 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

20
src/hb-ft-colr.hh
View file

@ -83,7 +83,7 @@ struct hb_ft_paint_context_t
hb_ft_paint_context_t (const hb_ft_font_t *ft_font,
hb_font_t *font,
hb_paint_funcs_t *paint_funcs, void *paint_data,
FT_Color *palette,
hb_array_t<const FT_Color> palette,
unsigned palette_index,
hb_color_t foreground) :
ft_font (ft_font), font(font),
@ -103,7 +103,7 @@ struct hb_ft_paint_context_t
hb_font_t *font;
hb_paint_funcs_t *funcs;
void *data;
FT_Color *palette;
hb_array_t<const FT_Color> palette;
unsigned palette_index;
hb_color_t foreground;
hb_decycler_t glyphs_decycler;
@ -481,17 +481,19 @@ hb_ft_paint_glyph_colr (hb_font_t *font,
/* Face is locked. */
FT_Error error;
FT_Color* palette;
FT_Palette_Data palette_data = {};
FT_Color* palette = NULL;
FT_LayerIterator iterator;
FT_Bool have_layers;
FT_UInt layer_glyph_index;
FT_UInt layer_color_index;
error = FT_Palette_Select(ft_face, palette_index, &palette);
if (error)
palette = NULL;
(void) FT_Palette_Data_Get(ft_face, &palette_data);
(void) FT_Palette_Select(ft_face, palette_index, &palette);
auto palette_array = hb_array ((const FT_Color *) palette,
palette ? palette_data.num_palette_entries : 0);
/* COLRv1 */
FT_OpaquePaint paint = {0};
@ -501,7 +503,7 @@ hb_ft_paint_glyph_colr (hb_font_t *font,
{
hb_ft_paint_context_t c (ft_font, font,
paint_funcs, paint_data,
palette, palette_index, foreground);
palette_array, palette_index, foreground);
hb_decycler_node_t node (c.glyphs_decycler);
node.visit (gid);
@ -526,7 +528,7 @@ hb_ft_paint_glyph_colr (hb_font_t *font,
hb_paint_extents_context_t extents_data;
hb_ft_paint_context_t ce (ft_font, font,
extents_funcs, &extents_data,
palette, palette_index, foreground);
palette_array, palette_index, foreground);
hb_decycler_node_t node2 (ce.glyphs_decycler);
node2.visit (gid);
ce.funcs->push_root_transform (ce.data, font);