diff options
| author | Ben Wiederhake <BenWiederhake.GitHub@gmx.de> | 2021-11-20 16:35:55 +0100 |
|---|---|---|
| committer | Linus Groh <mail@linusgroh.de> | 2021-11-21 11:49:06 +0000 |
| commit | 69cbaac50a57d9e555d4f6d243a51b90533452a4 (patch) | |
| tree | 14338cec94ac8fac5750991cb3241b39fcaba07a /Userland/Applications/FontEditor | |
| parent | 768915bbcdf04bb42744328dc3e6c102afe53eb6 (diff) | |
| download | serenity-69cbaac50a57d9e555d4f6d243a51b90533452a4.zip | |
FontEditor: Make glyph parsing more robust
In particular, we sanity-check the received width, height, and buffer
size, before allocating.
Diffstat (limited to 'Userland/Applications/FontEditor')
| -rw-r--r-- | Userland/Applications/FontEditor/GlyphEditorWidget.cpp | 28 |
1 files changed, 19 insertions, 9 deletions
diff --git a/Userland/Applications/FontEditor/GlyphEditorWidget.cpp b/Userland/Applications/FontEditor/GlyphEditorWidget.cpp index bf385106e1..acde46891f 100644 --- a/Userland/Applications/FontEditor/GlyphEditorWidget.cpp +++ b/Userland/Applications/FontEditor/GlyphEditorWidget.cpp @@ -88,25 +88,35 @@ void GlyphEditorWidget::paste_glyph() if (!mime_type.starts_with("glyph/")) return; + auto byte_buffer = data.data(); + auto buffer_height = metadata.get("height").value_or("0").to_int().value_or(0); + auto buffer_width = metadata.get("width").value_or("0").to_int().value_or(0); + + if (buffer_height <= 0 || buffer_width <= 0 || buffer_height > 128 || buffer_width > 128) { + dbgln("Refusing to receive glyph of dimensions {}x{}", buffer_width, buffer_height); + return; + } + if (data.size() != static_cast<size_t>(buffer_width * buffer_height)) { + dbgln("Refusing to receive glyph with mismatching buffer sizes: Expected {}x{}={} bytes, received {} bytes.", + buffer_width, buffer_height, buffer_width * buffer_height, data.size()); + return; + } + if (on_undo_event) on_undo_event(); - auto byte_buffer = data.data(); - auto buffer_height = metadata.get("height").value().to_int(); - auto buffer_width = metadata.get("width").value().to_int(); - - u8 bits[buffer_width.value()][buffer_height.value()]; + u8 bits[buffer_width][buffer_height]; int i = 0; - for (int x = 0; x < buffer_width.value(); x++) { - for (int y = 0; y < buffer_height.value(); y++) { + for (int x = 0; x < buffer_width; x++) { + for (int y = 0; y < buffer_height; y++) { bits[x][y] = byte_buffer[i]; i++; } } auto bitmap = font().raw_glyph(m_glyph).glyph_bitmap(); - for (int x = 0; x < min(bitmap.width(), buffer_width.value()); x++) { - for (int y = 0; y < min(bitmap.height(), buffer_height.value()); y++) { + for (int x = 0; x < min(bitmap.width(), buffer_width); x++) { + for (int y = 0; y < min(bitmap.height(), buffer_height); y++) { bitmap.set_bit_at(x, y, bits[x][y]); } } |