diff options
| author | Paul Olav Tvete <paul.tvete@qt.io> | 2024-03-15 15:28:26 +0100 |
|---|---|---|
| committer | Paul Olav Tvete <paul.tvete@qt.io> | 2024-03-15 20:46:39 +0100 |
| commit | 7a84c58f55ab56c5d77be80e43783d0b5302a749 (patch) | |
| tree | e37f1e10ad51973d2009c6710e82fbc114da0fe3 | |
| parent | f944651e3db01a73b10212926a7b1c7aad5eb83e (diff) | |
Fix QTextEngine regression with large-ish texts
Change 997fd3b88ede8078af286da6ecc197e83a8cbb46 fixed integer overflows
with huge texts. This was done by using qsizetype for size calculations
instead of int. However, that change introduced a serious regression
due to an itermediate imultiplication result being "promoted" to unsigned,
and therefore a negative value being converted to a large positive.
The solution is to make sure all values in the expression are signed.
Fixes: QTBUG-123339
Task-number: QTBUG-119611
Pick-to: 6.7
Change-Id: I3f9189f77b383c6103cf5b35981cdb607b065f6f
Reviewed-by: Eskil Abrahamsen Blomfeldt <eskil.abrahamsen-blomfeldt@qt.io>
| -rw-r--r-- | src/gui/text/qtextengine.cpp | 7 | ||||
| -rw-r--r-- | src/gui/text/qtextengine_p.h | 6 | ||||
| -rw-r--r-- | tests/auto/gui/text/qfontmetrics/tst_qfontmetrics.cpp | 22 |
3 files changed, 28 insertions, 7 deletions
diff --git a/src/gui/text/qtextengine.cpp b/src/gui/text/qtextengine.cpp index febc364fb36..cb945b73ce7 100644 --- a/src/gui/text/qtextengine.cpp +++ b/src/gui/text/qtextengine.cpp @@ -2658,9 +2658,10 @@ QTextEngine::LayoutData::LayoutData(const QString &str, void **stack_memory, qsi { allocated = _allocated; - qsizetype space_charAttributes = sizeof(QCharAttributes) * string.size() / sizeof(void*) + 1; - qsizetype space_logClusters = sizeof(unsigned short) * string.size() / sizeof(void*) + 1; - available_glyphs = (allocated - space_charAttributes - space_logClusters) * sizeof(void*) / QGlyphLayout::SpaceNeeded; + constexpr qsizetype voidSize = sizeof(void*); + qsizetype space_charAttributes = sizeof(QCharAttributes) * string.size() / voidSize + 1; + qsizetype space_logClusters = sizeof(unsigned short) * string.size() / voidSize + 1; + available_glyphs = (allocated - space_charAttributes - space_logClusters) * voidSize / QGlyphLayout::SpaceNeeded; if (available_glyphs < str.size()) { // need to allocate on the heap diff --git a/src/gui/text/qtextengine_p.h b/src/gui/text/qtextengine_p.h index 7d5e2aa41ec..a829265a229 100644 --- a/src/gui/text/qtextengine_p.h +++ b/src/gui/text/qtextengine_p.h @@ -159,10 +159,8 @@ Q_DECLARE_TYPEINFO(QGlyphAttributes, Q_PRIMITIVE_TYPE); struct QGlyphLayout { - enum { - SpaceNeeded = sizeof(glyph_t) + sizeof(QFixed) + sizeof(QFixedPoint) - + sizeof(QGlyphAttributes) + sizeof(QGlyphJustification) - }; + static constexpr qsizetype SpaceNeeded = sizeof(glyph_t) + sizeof(QFixed) + sizeof(QFixedPoint) + + sizeof(QGlyphAttributes) + sizeof(QGlyphJustification); // init to 0 not needed, done when shaping QFixedPoint *offsets; // 8 bytes per element diff --git a/tests/auto/gui/text/qfontmetrics/tst_qfontmetrics.cpp b/tests/auto/gui/text/qfontmetrics/tst_qfontmetrics.cpp index 0c3b3fc86c1..678eb0393f5 100644 --- a/tests/auto/gui/text/qfontmetrics/tst_qfontmetrics.cpp +++ b/tests/auto/gui/text/qfontmetrics/tst_qfontmetrics.cpp @@ -34,6 +34,8 @@ private slots: void zeroWidthMetrics(); void verticalMetrics_data(); void verticalMetrics(); + void largeText_data(); + void largeText(); // QTBUG-123339 }; void tst_QFontMetrics::same() @@ -388,5 +390,25 @@ void tst_QFontMetrics::verticalMetrics() QVERIFY(fm.ascent() != 0 || fm.descent() != 0); } +void tst_QFontMetrics::largeText_data() +{ + QTest::addColumn<qsizetype>("size"); + for (int i = 1; i < 20; ++i) { + qsizetype size = qsizetype(1) << i; + QByteArray rowText = QByteArray::number(size); + QTest::newRow(rowText.constData()) << size; + } +} + +void tst_QFontMetrics::largeText() +{ + QFont font; + QFontMetrics fm(font); + QFETCH(qsizetype, size); + QString string(size, QLatin1Char('A')); + QRect boundingRect = fm.boundingRect(string); + QVERIFY(boundingRect.isValid()); +} + QTEST_MAIN(tst_QFontMetrics) #include "tst_qfontmetrics.moc" |