summaryrefslogtreecommitdiff
path: root/src/gui/painting/qtextureglyphcache.cpp
diff options
context:
space:
mode:
authorAllan Sandfeld Jensen <allan.jensen@qt.io>2017-11-03 14:40:46 +0100
committerAllan Sandfeld Jensen <allan.jensen@qt.io>2017-11-06 14:03:44 +0000
commit7df4dcff2cafcd9b57eb7a4812be871d956f0ec8 (patch)
tree5d93b64f03179aa724fbb80353b9b789ee72b9a2 /src/gui/painting/qtextureglyphcache.cpp
parentc8fa698e9928783ee7257134e72c3c5927fe5698 (diff)
downloadqtbase-7df4dcff2cafcd9b57eb7a4812be871d956f0ec8.tar.gz
Fix memory corruption on scaled emojis
Bitmap glyphs are returned prescaled, which means we should include the transform in their bounding box. Additionally painting them should stick the smallest rect to avoid writing outside the allocated area, and assert in debug builds. Task-number: QTBUG-64239 Change-Id: I5f877d36566891323f528018f910798344ba4ce2 Reviewed-by: Konstantin Ritt <ritt.ks@gmail.com> Reviewed-by: Eskil Abrahamsen Blomfeldt <eskil.abrahamsen-blomfeldt@qt.io>
Diffstat (limited to 'src/gui/painting/qtextureglyphcache.cpp')
-rw-r--r--src/gui/painting/qtextureglyphcache.cpp3
1 files changed, 2 insertions, 1 deletions
diff --git a/src/gui/painting/qtextureglyphcache.cpp b/src/gui/painting/qtextureglyphcache.cpp
index 86a53c21a3..2a7e0eaa0c 100644
--- a/src/gui/painting/qtextureglyphcache.cpp
+++ b/src/gui/painting/qtextureglyphcache.cpp
@@ -318,11 +318,12 @@ void QImageTextureGlyphCache::fillTexture(const Coord &c, glyph_t g, QFixed subP
return;
}
#endif
+ Q_ASSERT(mask.width() <= c.w && mask.height() <= c.h);
if (m_format == QFontEngine::Format_A32
|| m_format == QFontEngine::Format_ARGB) {
QImage ref(m_image.bits() + (c.x * 4 + c.y * m_image.bytesPerLine()),
- qMax(mask.width(), c.w), qMax(mask.height(), c.h), m_image.bytesPerLine(),
+ qMin(mask.width(), c.w), qMin(mask.height(), c.h), m_image.bytesPerLine(),
m_image.format());
QPainter p(&ref);
p.setCompositionMode(QPainter::CompositionMode_Source);