From 350d06249534917da3e8c990f42817b03e7a02a6 Mon Sep 17 00:00:00 2001 From: Filip Sykala Date: Mon, 21 Mar 2022 06:31:43 +0100 Subject: [PATCH] Better fix of heap buffer overflow, suggested in https://github.com/nothings/stb/issues/1296 --- src/imgui/README.md | 4 ++-- src/imgui/imstb_truetype.h | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/src/imgui/README.md b/src/imgui/README.md index 66663b34b3..58008bded0 100644 --- a/src/imgui/README.md +++ b/src/imgui/README.md @@ -18,5 +18,5 @@ imstb_truetype.h modification: Hot fix for open symbolic fonts on windows 62bdfe6f8d04b88e8bd511cd613be80c0baa7f55 -Hot fix for prevent Heap buffer overflow on MAC -56758dcf8568d91b8a3ad50ccd4b137181ac9490 +Hot fix for open curved fonts mainly on MAC +2148e49f75d82cb19dc6ec409fb7825296ed005c diff --git a/src/imgui/imstb_truetype.h b/src/imgui/imstb_truetype.h index 86b89d82e6..90a4a31445 100644 --- a/src/imgui/imstb_truetype.h +++ b/src/imgui/imstb_truetype.h @@ -1664,7 +1664,7 @@ static int stbtt__GetGlyphShapeTT(const stbtt_fontinfo *info, int glyph_index, s n = 1+ttUSHORT(endPtsOfContours + numberOfContours*2-2); m = n + 2*numberOfContours; // a loose bound on how many vertices we might need - vertices = (stbtt_vertex *) STBTT_malloc((m + 1) * sizeof(vertices[0]), info->userdata); + vertices = (stbtt_vertex *) STBTT_malloc(m * sizeof(vertices[0]), info->userdata); if (vertices == 0) return 0; @@ -1735,7 +1735,7 @@ static int stbtt__GetGlyphShapeTT(const stbtt_fontinfo *info, int glyph_index, s // now start the new one start_off = !(flags & 1); - if (start_off) { + if (start_off && (i + 1) < n) { // if we start off with an off-curve point, then when we need to find a point on the curve // where we can start, and we need to save some state for when we wraparound. scx = x;