Commit 29ef095

author
Lukasz Kostyra
committed
8313048: Better Glyph handling
Reviewed-by: rhalade, arapte, kcr
1 parent c7a1af7 commit 29ef095

1 file changed

+12
-0
lines changed

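--- a/modules/javafx.graphics/src/main/native-font/directwrite.cpp
+++ b/modules/javafx.graphics/src/main/native-font/directwrite.cpp
@@ -2167,10 +2167,14 @@ JNIEXPORT jbyteArray JNICALL OS_NATIVE(CreateAlphaTexture)
 /* In Only */
 if (arg2) lparg2 = getRECTFields(env, arg2, &_arg2);
 if (!lparg2) return NULL;
+if (lparg2->right <= lparg2->left) return NULL;
+if (lparg2->bottom <= lparg2->top) return NULL;
 DWRITE_TEXTURE_TYPE textureType = (DWRITE_TEXTURE_TYPE)arg1;
 UINT32 width = lparg2->right - lparg2->left;
 UINT32 height = lparg2->bottom - lparg2->top;
 UINT32 bpp = textureType == DWRITE_TEXTURE_CLEARTYPE_3x1 ? 3 : 1;
+if (height > UINT32_MAX / bpp) return NULL;
+if (height > 0 && width > UINT32_MAX / (height * bpp)) return NULL;
 UINT32 bufferSize = width * height * bpp;
 BYTE * buffer = new (std::nothrow) BYTE[bufferSize];
 HRESULT hr = ((IDWriteGlyphRunAnalysis *)arg0)->CreateAlphaTexture(textureType, lparg2, buffer, bufferSize);
@@ -2233,6 +2237,10 @@ JNIEXPORT jint JNICALL OS_NATIVE(GetGlyphs)
 if (arg15) if ((lparg15 = env->GetShortArrayElements(arg15, NULL)) == NULL) goto fail;
 if (arg16) if ((lparg16 = env->GetShortArrayElements(arg16, NULL)) == NULL) goto fail;
 if (arg17) if ((lparg17 = env->GetIntArrayElements(arg17, NULL)) == NULL) goto fail;
+if (textStart < 0) goto fail;
+if (!arg1) goto fail;
+if (arg2 <= 0 || arg2 > env->GetArrayLength(arg1)) goto fail;
+if (textStart > env->GetArrayLength(arg1) - arg2) goto fail;
 const WCHAR* text = (const WCHAR*)(lparg1 + textStart);
 
 hr = ((IDWriteTextAnalyzer *)arg0)->GetGlyphs(text,
@@ -2297,6 +2305,10 @@ JNIEXPORT jint JNICALL OS_NATIVE(GetGlyphPlacements)
 if (arg15) if ((lparg15 = env->GetIntArrayElements(arg15, NULL)) == NULL) goto fail;
 if (arg17) if ((lparg17 = env->GetFloatArrayElements(arg17, NULL)) == NULL) goto fail;
 if (arg18) if ((lparg18 = env->GetFloatArrayElements(arg18, NULL)) == NULL) goto fail;
+if (textStart < 0) goto fail;
+if (!arg1) goto fail;
+if (arg4 <= 0 || arg4 > env->GetArrayLength(arg1)) goto fail;
+if (textStart > env->GetArrayLength(arg1) - arg4) goto fail;
 const WCHAR* text = (const WCHAR*)(lparg1 + textStart);
 
 hr = ((IDWriteTextAnalyzer *)arg0)->GetGlyphPlacements(text,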
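Review bot: In the CreateAlphaTexture hunk the new guards bound `width * height * bpp` only by `UINT32_MAX`, so a request close to 4 GiB still reaches `new (std::nothrow) BYTE[bufferSize]`, and the very next line hands `buffer` to `CreateAlphaTexture` with no null check in between. I would add `if (!buffer) return NULL;` directly after the allocation. Since the function returns a `jbyteArray`, whose length is a signed `jint`, bounding against `INT32_MAX` instead of `UINT32_MAX` looks safer if `bufferSize` is later used as the array length; that part of the body is outside the hunk, so this needs confirming. The `height > 0 &&` term is redundant after the `bottom <= top` rejection, and `right - left` is still a signed subtraction before the conversion to `UINT32`; `(UINT32)lparg2->right - (UINT32)lparg2->left` gives the same width without signed overflow on extreme rectangles.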
