[base] Refuse to render enormous outlines (#47114).

The goal is to avoid integer overflows in the rendering algorithms.
The limit is chosen arbitrarily at some 2^18 pixels, which should be
enough for modern devices including printers.

* src/base/ftoutln.c (FT_Outline_Render): Check CBox and reject
enormous outlines.

ChangeLog

@@ -1,3 +1,14 @@
+2016-03-06  Alexei Podtelezhnikov  <apodtele@gmail.com>
+
+	[base] Refuse to render enormous outlines (#47114).
+
+	The goal is to avoid integer overflows in the rendering algorithms.
+	The limit is chosen arbitrarily at some 2^18 pixels, which should be
+	enough for modern devices including printers.
+
+	* src/base/ftoutln.c (FT_Outline_Render): Check CBox and reject
+	enormous outlines.
+
 2016-03-06  Alexei Podtelezhnikov  <apodtele@gmail.com>
 
 	[smooth] Replace left shifts with multiplications (#47114).

src/base/ftoutln.c

@@ -618,6 +618,7 @@
     FT_Error     error;
     FT_Renderer  renderer;
     FT_ListNode  node;
+    FT_BBox      cbox;
 
 
     if ( !library )
@@ -629,6 +630,11 @@
     if ( !params )
       return FT_THROW( Invalid_Argument );
 
+    FT_Outline_Get_CBox( outline, &cbox );
+    if ( cbox.xMin < -0x1000000L || cbox.yMin < -0x1000000L ||
+         cbox.xMax >  0x1000000L || cbox.yMax >  0x1000000L )
+      return FT_THROW( Invalid_Outline );
+
     renderer = library->cur_renderer;
     node     = library->renderers.head;