From 588421986784df1ae3df16305d90cecdb07e9951 Mon Sep 17 00:00:00 2001
From: cfillion
Date: Wed, 28 Sep 2022 23:37:39 -0400
Subject: [PATCH] imgui_freetype: Assert if bitmap size exceed chunk size to avoid buffer overflow. (#5731)
---
 misc/freetype/imgui_freetype.cpp | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/misc/freetype/imgui_freetype.cpp b/misc/freetype/imgui_freetype.cpp
index 4066a9a6c9e1..03255326b2b6 100644
--- a/misc/freetype/imgui_freetype.cpp
+++ b/misc/freetype/imgui_freetype.cpp
@@ -508,7 +508,7 @@ bool ImFontAtlasBuildWithFreeTypeEx(FT_Library ft_library, ImFontAtlas* atlas, u
 // Allocate temporary rasterization data buffers.
 // We could not find a way to retrieve accurate glyph size without rendering them.
 // (e.g. slot->metrics->width not always matching bitmap->width, especially considering the Oblique transform)
- // We allocate in chunks of 256 KB to not waste too much extra memory ahead. Hopefully users of FreeType won't find the temporary allocations.
+ // We allocate in chunks of 256 KB to not waste too much extra memory ahead. Hopefully users of FreeType won't mind the temporary allocations.
 const int BITMAP_BUFFERS_CHUNK_SIZE = 256 * 1024;
 int buf_bitmap_current_used_bytes = 0;
 ImVector buf_bitmap_buffers;
@@ -556,6 +556,7 @@ bool ImFontAtlasBuildWithFreeTypeEx(FT_Library ft_library, ImFontAtlas* atlas, u
 buf_bitmap_current_used_bytes = 0;
 buf_bitmap_buffers.push_back((unsigned char*)IM_ALLOC(BITMAP_BUFFERS_CHUNK_SIZE));
 }
+ IM_ASSERT(buf_bitmap_current_used_bytes + bitmap_size_in_bytes <= BITMAP_BUFFERS_CHUNK_SIZE); // We could probably allocate custom-sized buffer instead.
 // Blit rasterized pixels to our temporary buffer and keep a pointer to it.
 src_glyph.BitmapData = (unsigned int*)(buf_bitmap_buffers.back() + buf_bitmap_current_used_bytes);
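Review bot: The added `IM_ASSERT` only converts the heap overflow into a debug-build abort; if `IM_ASSERT` maps to `assert()` as it does by default, a release build still reaches the blit on the last context line with a glyph whose `bitmap_size_in_bytes` exceeds the 256 KB chunk and writes past `buf_bitmap_buffers.back()`, which matters when the font file or the requested size is attacker-controlled. The comment on the new line already names the fix: when a fresh buffer is pushed (the reset branch whose condition sits just above this hunk, outside it), size it to the glyph, e.g. `buf_bitmap_buffers.push_back((unsigned char*)IM_ALLOC(ImMax(BITMAP_BUFFERS_CHUNK_SIZE, bitmap_size_in_bytes)));`, and drop the assert or compare against the allocated size instead of the constant. This presumably works because an oversized glyph always enters the reset branch and the next glyph's `used + size > chunk` test then forces another fresh buffer, but that condition and the free loop are not visible here and should be confirmed. Separately, if `bitmap_size_in_bytes` is an `int` product of width, height and 4 (computed outside the hunk), a huge glyph could wrap it negative and satisfy the `<=` check while still being oversized, so a `bitmap_size_in_bytes >= 0` guard or a `size_t` computation is worth adding. The enclosing `ImFontAtlasBuildWithFreeTypeEx` starts and ends outside this hunk.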