9 Nov
2015
9 Nov
'15
9:51 a.m.
On Fri, Nov 06, 2015 at 09:25:09PM +0900, Akihiro Sagawa wrote:
@@ -6970,7 +6971,16 @@ static DWORD get_glyph_outline(GdiFont *incoming_font, UINT glyph, UINT format, INT w = min( pitch, (ft_face->glyph->bitmap.width + 7) >> 3 ); INT h = min( height, ft_face->glyph->bitmap.rows ); while(h--) {
memcpy(dst, src, w);
if (!font->fake_bold)memcpy(dst, src, w);else {INT x;dst[0] = 0;for (x = 0; x < w; x++) {dst[x ] = (dst[x] & 0x80) | (src[x] >> 1) | src[x];dst[x+1] = (src[x] & 0x01) << 7;
This could write past the end of dst (and similarly for ones below).
Huw.