From 43c9c2ef02c6dd50b13ba0914ac13a58d52d7069 Mon Sep 17 00:00:00 2001
From: Andreas Kling <kling@serenityos.org>
Date: Sat, 12 Aug 2023 12:00:16 +0200
Subject: [PATCH] LibGfx/OpenType: Refuse to rasterize glyphs with invalid
 bounding box

---
 Userland/Libraries/LibGfx/Font/OpenType/Glyf.cpp | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/Userland/Libraries/LibGfx/Font/OpenType/Glyf.cpp b/Userland/Libraries/LibGfx/Font/OpenType/Glyf.cpp
index 6db7d3171c..084f7e58e9 100644
--- a/Userland/Libraries/LibGfx/Font/OpenType/Glyf.cpp
+++ b/Userland/Libraries/LibGfx/Font/OpenType/Glyf.cpp
@@ -326,6 +326,14 @@ void Glyf::Glyph::rasterize_impl(Gfx::Painter& painter, Gfx::AffineTransform con
 
 RefPtr<Gfx::Bitmap> Glyf::Glyph::rasterize_simple(i16 font_ascender, i16 font_descender, float x_scale, float y_scale, Gfx::GlyphSubpixelOffset subpixel_offset) const
 {
+    if (m_xmin > m_xmax) [[unlikely]] {
+        dbgln("OpenType: Glyph has invalid xMin ({}) > xMax ({})", m_xmin, m_xmax);
+        return nullptr;
+    }
+    if (font_descender > font_ascender) [[unlikely]] {
+        dbgln("OpenType: Glyph has invalid ascender ({}) > descender ({})", font_ascender, font_descender);
+        return nullptr;
+    }
     u32 width = (u32)(ceilf((m_xmax - m_xmin) * x_scale)) + 2;
     u32 height = (u32)(ceilf((font_ascender - font_descender) * y_scale)) + 2;
     auto bitmap = Gfx::Bitmap::create(Gfx::BitmapFormat::BGRA8888, { width, height }).release_value_but_fixme_should_propagate_errors();