From 7499f2f037c23cf78ea974beb22dec35202295c7 Mon Sep 17 00:00:00 2001 From: rarified Date: Fri, 10 Sep 2021 10:25:22 -0600 Subject: [PATCH] Fix wild access to font structures when rendering non-ascii unicode characters. --- Sources/Plasma/PubUtilLib/plGImage/plFont.cpp | 50 +++++++++++++++---- 1 file changed, 41 insertions(+), 9 deletions(-) diff --git a/Sources/Plasma/PubUtilLib/plGImage/plFont.cpp b/Sources/Plasma/PubUtilLib/plGImage/plFont.cpp index 4cdaa6e5..cdc47362 100644 --- a/Sources/Plasma/PubUtilLib/plGImage/plFont.cpp +++ b/Sources/Plasma/PubUtilLib/plGImage/plFont.cpp @@ -288,7 +288,16 @@ void plFont::IRenderString( plMipmap *mip, UInt16 x, UInt16 y, const wchar_t *st if( justCalc ) { - plCharacter &ch = fCharacters[ (UInt16)string[ 0 ] - fFirstChar ]; + UInt16 ixFC = (UInt16)L' ' - fFirstChar; + if (fCharacters.Count() <= ((UInt16)string[0] - fFirstChar)) { + UInt16 w = wctob((UInt16)string[0]); + if ((w != EOF) && (fCharacters.Count() > (w - fFirstChar))) + ixFC = w - fFirstChar; + } else { + ixFC = (UInt16)string[0] - fFirstChar; + } + + plCharacter &ch = fCharacters[ixFC]; fRenderInfo.fX = fRenderInfo.fFarthestX = x - (Int16)ch.fLeftKern; if( fRenderInfo.fX < 0 ) fRenderInfo.fX = 0; 
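Review bot: The index stored in `ixFC` is still not confined to `fCharacters` in this hunk, nor in the identical blocks of the three later hunks (@@ -387, @@ -451, @@ -584). `wctob` returns `int`, so storing it in `UInt16 w` turns `EOF` into 65535 and `w != EOF` is always true (assuming `UInt16` is a 16-bit unsigned type); the failure case is then rejected only by the size comparison that follows. The checks also test the upper bound only: a character, a `wctob` result, or the `L' '` fallback that lies below `fFirstChar` gives a negative difference, and whether that is caught depends on the types of `Count()` and `fFirstChar`, which are not visible here. A single helper that does the arithmetic in `int` and checks both bounds would cover all four call sites and remove the duplication; a sketch follows, with the no-glyph case left for the author to decide. `IRenderString` begins and ends outside the hunk.

```cpp
// Maps a wide character to an index inside [0, count), or -1 when the font
// has neither the character, its single-byte form, nor a space glyph.
static int IGlyphIndex(wchar_t c, int firstChar, int count)
{
    int ix = (int)(UInt16)c - firstChar;
    if (ix >= 0 && ix < count)
        return ix;

    int b = wctob((UInt16)c);          // int keeps EOF distinguishable
    ix = b - firstChar;
    if (b != EOF && ix >= 0 && ix < count)
        return ix;

    ix = (int)L' ' - firstChar;        // last resort: the space glyph, if present
    return (ix >= 0 && ix < count) ? ix : -1;
}

// ... at each of the four call sites, replacing the ixFC block ...
int ixFC = IGlyphIndex(string[0], fFirstChar, fCharacters.Count());
// ... unchanged: use of fCharacters[ixFC], once ixFC < 0 is handled ...
```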
@@ -387,7 +396,16 @@ void plFont::IRenderString( plMipmap *mip, UInt16 x, UInt16 y, const wchar_t *st // Just calculating, no wrapping, so the max is as far as we can go // Note: 32767 isn't quite right, since we'll be adding the left kern in before we // calc the first character, so adjust so we make sure we don't underflow - plCharacter &ch = fCharacters[ (UInt16)(UInt8)string[ 0 ] - fFirstChar ]; + UInt16 ixFC = (UInt16)L' ' - fFirstChar; + if (fCharacters.Count() <= ((UInt16)string[0] - fFirstChar)) { + UInt16 w = wctob((UInt16)string[0]); + if ((w != EOF) && (fCharacters.Count() > (w - fFirstChar))) + ixFC = w - fFirstChar; + } else { + ixFC = (UInt16)string[0] - fFirstChar; + } + + plCharacter &ch = fCharacters[ixFC]; fRenderInfo.fMaxHeight = (Int16)fMaxCharHeight; fRenderInfo.fMaxWidth = (Int16)32767 + (Int16)ch.fLeftKern; @@ -451,11 +469,16 @@ void plFont::IRenderString( plMipmap *mip, UInt16 x, UInt16 y, const wchar_t *st } // handle invalid chars discretely - plCharacter* charToDraw = NULL; - if (fCharacters.Count() <= ((UInt16)string[i] - fFirstChar)) - charToDraw = &(fCharacters[(UInt16)L' ' - fFirstChar]); - else - charToDraw = &(fCharacters[(UInt16)string[i] - fFirstChar]); + UInt16 ixFC = (UInt16)L' ' - fFirstChar; + if (fCharacters.Count() <= ((UInt16)string[i] - fFirstChar)) { + UInt16 w = wctob((UInt16)string[i]); + if ((w != EOF) && (fCharacters.Count() > (w - fFirstChar))) + ixFC = w - fFirstChar; + } else { + ixFC = (UInt16)string[i] - fFirstChar; + } + + plCharacter* charToDraw = &(fCharacters[ixFC]); Int16 leftKern = (Int16)charToDraw->fLeftKern; if( fRenderInfo.fFlags & kRenderScaleAA ) 
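Review bot: The comment `// handle invalid chars discretely` in the per-character loop (@@ -451) no longer describes the block beneath it, because a missing glyph is now first mapped through `wctob` before the space fallback is used. `wctob` depends on the current `LC_CTYPE` locale, so the substituted glyph can change with the locale the process has set; that is worth stating where the lookup happens. Suggested comment: `// Glyph not in this font: try the locale's single-byte form (wctob, LC_CTYPE-dependent), else draw a space`. The loop body continues outside the hunk.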
@@ -584,8 +607,17 @@ void plFont::IRenderString( plMipmap *mip, UInt16 x, UInt16 y, const wchar_t *st else if( ( fRenderInfo.fFlags & kRenderJustXMask ) == kRenderJustXForceLeft ) { Int16 baseX = fRenderInfo.fX; - - plCharacter &ch = fCharacters[ (UInt16)string[ 0 ] - fFirstChar ]; + + UInt16 ixFC = (UInt16)L' ' - fFirstChar; + if (fCharacters.Count() <= ((UInt16)string[0] - fFirstChar)) { + UInt16 w = wctob((UInt16)string[0]); + if ((w != EOF) && (fCharacters.Count() > (w - fFirstChar))) + ixFC = w - fFirstChar; + } else { + ixFC = (UInt16)string[0] - fFirstChar; + } + + plCharacter &ch = fCharacters[ixFC]; fRenderInfo.fX -= (Int16)ch.fLeftKern; fRenderInfo.fDestPtr -= (Int16)ch.fLeftKern * fRenderInfo.fDestBPP;