diff options
| author | Andreas Kling <kling@serenityos.org> | 2023-02-10 22:10:36 +0100 |
|---|---|---|
| committer | Andreas Kling <kling@serenityos.org> | 2023-02-10 23:33:16 +0100 |
| commit | e9078e216d44b7b401250247be921ce51a2d69ea (patch) | |
| tree | 49d4dd5d04c327d069bb6172a87dbb715944b4c7 /Userland/Libraries | |
| parent | b4596b48f5e99ed174df1dd6d4a85d75b749fb72 (diff) | |
| download | serenity-e9078e216d44b7b401250247be921ce51a2d69ea.zip | |
LibGfx: Make sure the Painter clip rect is never larger than the target
The new Painter::set_clip_rect(IntRect) API was able to make the clip
rect larger than the underlying target bitmap. This was not good, as it
could make it possible to draw outside the bitmap memory.
Fixes a crash when viewing https://twinings.co.uk/ in the browser. :^)
Diffstat (limited to 'Userland/Libraries')
| -rw-r--r-- | Userland/Libraries/LibGfx/Painter.cpp | 5 | ||||
| -rw-r--r-- | Userland/Libraries/LibGfx/Painter.h | 2 |
2 files changed, 6 insertions, 1 deletions
diff --git a/Userland/Libraries/LibGfx/Painter.cpp b/Userland/Libraries/LibGfx/Painter.cpp index faaa537292..44e2510c9c 100644 --- a/Userland/Libraries/LibGfx/Painter.cpp +++ b/Userland/Libraries/LibGfx/Painter.cpp @@ -2575,4 +2575,9 @@ void Painter::draw_scaled_bitmap_with_transform(IntRect const& dst_rect, Bitmap } } +void Painter::set_clip_rect(IntRect const& rect) +{ + state().clip_rect = rect.intersected(m_target->rect()); +} + } diff --git a/Userland/Libraries/LibGfx/Painter.h b/Userland/Libraries/LibGfx/Painter.h index 918ce51590..58c4d93f9c 100644 --- a/Userland/Libraries/LibGfx/Painter.h +++ b/Userland/Libraries/LibGfx/Painter.h @@ -177,7 +177,7 @@ public: } IntRect clip_rect() const { return state().clip_rect; } - void set_clip_rect(IntRect const& rect) { state().clip_rect = rect; } + void set_clip_rect(IntRect const&); int scale() const { return state().scale; } |