From 54cf108c846c69715533292c9c2e3269850b8219 Mon Sep 17 00:00:00 2001
From: Vojtech Bocek <vbocek@gmail.com>
Date: Sun, 15 Mar 2015 16:50:26 +0100
Subject: Fix invalid memory access when rendering a ttf glyph with 'left' < 0

* Fixes for example 'j' in Roboto-Regular

Change-Id: I0cf778c99f391900e164be743165cf8aad891020
Signed-off-by: Vojtech Bocek <vbocek@gmail.com>
---
 minuitwrp/truetype.c | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'minuitwrp')

diff --git a/minuitwrp/truetype.c b/minuitwrp/truetype.c
index e8a162945..a286449ed 100644
--- a/minuitwrp/truetype.c
+++ b/minuitwrp/truetype.c
@@ -369,6 +369,11 @@ static int gr_ttf_copy_glyph_to_surface(GGLSurface *dest, FT_BitmapGlyph glyph,
 
     dest_itr += (offY + base - glyph->top)*dest->stride + (offX + glyph->left);
 
+    // FIXME: if glyph->left is negative and everything else is 0 (e.g. letter 'j' in Roboto-Regular),
+    // the result might end up being before the buffer - I'm not sure how to properly handle this.
+    if(dest_itr < dest->data)
+        dest_itr = dest->data;
+
     for(y = 0; y < glyph->bitmap.rows; ++y)
     {
         memcpy(dest_itr, src_itr, glyph->bitmap.width);
-- 
cgit v1.2.3