From 6a61a7a96bd3ba1e7858c06f44d619f814af6b42 Mon Sep 17 00:00:00 2001
From: "Dr.Smile" <vabnick@gmail.com>
Date: Sat, 23 Apr 2016 19:44:05 +0300
Subject: rasterizer: drop outlines with points at too large coordinates

Such points can overflow internal calculations and usually produced
as a result of NaN to integer conversion.

Should fix #210.
---
 libass/ass_rasterizer.c | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

(limited to 'libass')

diff --git a/libass/ass_rasterizer.c b/libass/ass_rasterizer.c
index d8e86e8..dbad5a1 100644
--- a/libass/ass_rasterizer.c
+++ b/libass/ass_rasterizer.c
@@ -272,6 +272,11 @@ int rasterizer_set_outline(RasterizerData *rst, const ASS_Outline *path)
         if (j > last)
             return 0;
 
+        if (path->points[j].x <  -(1 << 28) || path->points[j].x >= (1 << 28))
+            return 0;
+        if (path->points[j].y <= -(1 << 28) || path->points[j].y >  (1 << 28))
+            return 0;
+
         switch (FT_CURVE_TAG(path->tags[j])) {
         case FT_CURVE_TAG_ON:
             p[0].x =  path->points[j].x;
@@ -309,7 +314,12 @@ int rasterizer_set_outline(RasterizerData *rst, const ASS_Outline *path)
             return 0;
         }
 
-        for (j++; j <= last; ++j)
+        for (j++; j <= last; j++) {
+            if (path->points[j].x <  -(1 << 28) || path->points[j].x >= (1 << 28))
+                return 0;
+            if (path->points[j].y <= -(1 << 28) || path->points[j].y >  (1 << 28))
+                return 0;
+
             switch (FT_CURVE_TAG(path->tags[j])) {
             case FT_CURVE_TAG_ON:
                 switch (st) {
@@ -390,6 +400,7 @@ int rasterizer_set_outline(RasterizerData *rst, const ASS_Outline *path)
             default:
                 return 0;
             }
+        }
 
         if (process_end)
             switch (st) {
-- 
cgit v1.2.3