[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[freetype2] master 7e1b39f: [truetype] Fix UBSan warnings on adding offs
|
From: |
Werner LEMBERG |
|
Subject: |
[freetype2] master 7e1b39f: [truetype] Fix UBSan warnings on adding offsets to nullptr. |
|
Date: |
Mon, 16 Dec 2019 05:08:32 -0500 (EST) |
branch: master
commit 7e1b39f6cd1f8e14d45592c9b192ade643d8d9de
Author: Werner Lemberg <address@hidden>
Commit: Werner Lemberg <address@hidden>
[truetype] Fix UBSan warnings on adding offsets to nullptr.
Reported as
https://bugs.chromium.org/p/chromium/issues/detail?id=1032152
* src/truetype/ttinterp.c (Ins_FDEF, Ins_IDEF): Use `FT_OFFSET'.
---
ChangeLog | 10 ++++++++++
src/truetype/ttinterp.c | 4 ++--
2 files changed, 12 insertions(+), 2 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 720a38c..a93b43d 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,13 @@
+2019-12-16 Werner Lemberg <address@hidden>
+
+ [truetype] Fix UBSan warnings on adding offsets to nullptr.
+
+ Reported as
+
+ https://bugs.chromium.org/p/chromium/issues/detail?id=1032152
+
+ * src/truetype/ttinterp.c (Ins_FDEF, Ins_IDEF): Use `FT_OFFSET'.
+
2019-12-14 Werner Lemberg <address@hidden>
[truetype] Fix integer overflow.
diff --git a/src/truetype/ttinterp.c b/src/truetype/ttinterp.c
index 7d021eb..369c7b5 100644
--- a/src/truetype/ttinterp.c
+++ b/src/truetype/ttinterp.c
@@ -3718,7 +3718,7 @@
/* We will then parse the current table. */
rec = exc->FDefs;
- limit = rec + exc->numFDefs;
+ limit = FT_OFFSET( rec, exc->numFDefs );
n = (FT_ULong)args[0];
for ( ; rec < limit; rec++ )
@@ -4150,7 +4150,7 @@
/* First of all, look for the same function in our table */
def = exc->IDefs;
- limit = def + exc->numIDefs;
+ limit = FT_OFFSET( def, exc->numIDefs );
for ( ; def < limit; def++ )
if ( def->opc == (FT_ULong)args[0] )
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [freetype2] master 7e1b39f: [truetype] Fix UBSan warnings on adding offsets to nullptr.,
Werner LEMBERG <=