From e16bfbec4c63bff4e5218f180d822cadfd2c7f8c Mon Sep 17 00:00:00 2001
From: Alexei Podtelezhnikov <apodtele@gmail.com>
Date: Thu, 9 Aug 2018 22:18:00 -0400
Subject: [raster, smooth] Reinstate bitmap size limits.

This again moves outline and bitmap size checks one level up.

* src/base/ftoutln.c (FT_Outline_Render): Explicitly reject enormous
outlines.
* src/raster/ftrend1.c (ft_raster1_render): Reject enormous bitmaps
and, therefore, outlines that require them.
* src/smooth/ftsmooth.c (ft_smooth_render_generic): Ditto.

* src/raster/ftraster.c (ft_black_render): Remove outline size checks.
* src/smooth/ftgrays.c (gray_raster_render): Ditto.
[STANDALONE]: Remove `FT_Outline_Get_CBox' copy.
---
 src/raster/ftraster.c | 19 -------------------
 src/raster/ftrend1.c  |  8 ++++++++
 2 files changed, 8 insertions(+), 19 deletions(-)

(limited to 'src/raster')

diff --git a/src/raster/ftraster.c b/src/raster/ftraster.c
index eece0f848..8a583ea5d 100644
--- a/src/raster/ftraster.c
+++ b/src/raster/ftraster.c
@@ -3251,7 +3251,6 @@
   {
     const FT_Outline*  outline    = (const FT_Outline*)params->source;
     const FT_Bitmap*   target_map = params->target;
-    FT_BBox            cbox;
 
     black_TWorker  worker[1];
 
@@ -3292,24 +3291,6 @@
     if ( !target_map->buffer )
       return FT_THROW( Invalid );
 
-    FT_Outline_Get_CBox( outline, &cbox );
-
-    /* reject too large outline coordinates */
-    if ( cbox.xMin < -0x1000000L || cbox.xMax > 0x1000000L ||
-         cbox.yMin < -0x1000000L || cbox.yMax > 0x1000000L )
-      return FT_THROW( Invalid );
-
-    /* truncate the bounding box to integer pixels */
-    cbox.xMin = cbox.xMin >> 6;
-    cbox.yMin = cbox.yMin >> 6;
-    cbox.xMax = ( cbox.xMax + 63 ) >> 6;
-    cbox.yMax = ( cbox.yMax + 63 ) >> 6;
-
-    /* reject too large glyphs */
-    if ( cbox.xMax - cbox.xMin > 0xFFFF ||
-         cbox.yMax - cbox.yMin > 0xFFFF )
-      return FT_THROW( Invalid );
-
     ras.outline = *outline;
     ras.target  = *target_map;
 
diff --git a/src/raster/ftrend1.c b/src/raster/ftrend1.c
index 205cd9b31..e8ea9cbe1 100644
--- a/src/raster/ftrend1.c
+++ b/src/raster/ftrend1.c
@@ -129,6 +129,14 @@
 
     ft_glyphslot_preset_bitmap( slot, mode, origin );
 
+    if ( bitmap->width > 0x7FFF || bitmap->rows > 0x7FFF )
+    {
+      FT_ERROR(( "ft_raster1_render: glyph is too large: %u x %u\n",
+                 bitmap->width, bitmap->rows ));
+      error = FT_THROW( Raster_Overflow );
+      goto Exit;
+    }
+
     /* allocate new one */
     if ( FT_ALLOC_MULT( bitmap->buffer, bitmap->rows, bitmap->pitch ) )
       goto Exit;
-- 
cgit v1.2.1