Another bunch of UBSan warnings on adding offsets to nullptr.
Reported as https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=19427 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=19433 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=19441 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=19451 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=19452 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=19457 * src/autofit/aflatin.c (af_latin_hints_compute_segments, af_latin_hints_compute_edges): Use `FT_OFFSET'. * src/base/ftstream.c (FT_Stream_EnterFrame): Use `FT_OFFSET'. * src/psaux/cffdecode.c (cff_decoder_parse_charstrings): Exit early if there is no charstring. * src/psaux/psobjs.c (t1_decrypt): Use `FT_OFFSET'. * src/smooth/ftsmooth.c (ft_smooth_render_generic): Exit early for zero bitmap dimensions.
parent
11d4ce23ac
commit
2c9a2d58ca
26
ChangeLog
26
ChangeLog
|
@ -1,3 +1,29 @@
|
|||
2019-12-13 Werner Lemberg <wl@gnu.org>
|
||||
|
||||
Another bunch of UBSan warnings on adding offsets to nullptr.
|
||||
|
||||
Reported as
|
||||
|
||||
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=19427
|
||||
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=19433
|
||||
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=19441
|
||||
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=19451
|
||||
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=19452
|
||||
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=19457
|
||||
|
||||
* src/autofit/aflatin.c (af_latin_hints_compute_segments,
|
||||
af_latin_hints_compute_edges): Use `FT_OFFSET'.
|
||||
|
||||
* src/base/ftstream.c (FT_Stream_EnterFrame): Use `FT_OFFSET'.
|
||||
|
||||
* src/psaux/cffdecode.c (cff_decoder_parse_charstrings): Exit early
|
||||
if there is no charstring.
|
||||
|
||||
* src/psaux/psobjs.c (t1_decrypt): Use `FT_OFFSET'.
|
||||
|
||||
* src/smooth/ftsmooth.c (ft_smooth_render_generic): Exit early for
|
||||
zero bitmap dimensions.
|
||||
|
||||
2019-12-09 Dominik Röttsches <drott@chromium.org>
|
||||
|
||||
Fix more UBSan warnings on adding offset to nullptr (#57384).
|
||||
|
|
|
@ -1910,7 +1910,7 @@
|
|||
/* sense -- this is used to better detect and ignore serifs */
|
||||
{
|
||||
AF_Segment segments = axis->segments;
|
||||
AF_Segment segments_end = segments + axis->num_segments;
|
||||
AF_Segment segments_end = FT_OFFSET( segments, axis->num_segments );
|
||||
|
||||
|
||||
for ( segment = segments; segment < segments_end; segment++ )
|
||||
|
@ -2314,7 +2314,7 @@
|
|||
*/
|
||||
{
|
||||
AF_Edge edges = axis->edges;
|
||||
AF_Edge edge_limit = edges + axis->num_edges;
|
||||
AF_Edge edge_limit = FT_OFFSET( edges, axis->num_edges );
|
||||
AF_Edge edge;
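Review bot: The `FT_OFFSET` end pointers for `segments_end` and `edge_limit` quiet the sanitizer but leave the underlying invariant unstated: a NULL `axis->segments` or `axis->edges` is only harmless when the matching count is zero. If `FT_OFFSET` yields NULL for a NULL base (its definition is not on this page), a NULL array paired with a non-zero count now gives a silently empty loop, which could hide an inconsistent-state bug. The same applies to the `stream->limit` assignment and the `t1_decrypt` call changed elsewhere in this commit, where `buffer` and `length` are still passed through unchanged. A short comment at each site would record the assumption, e.g. `/* segments is NULL only if num_segments is 0 */`, or a debug check such as `FT_ASSERT( segments || !axis->num_segments );`. Both enclosing functions start and end outside the hunks shown.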
|
||||
|
||||
|
||||
|
|
|
@ -286,7 +286,7 @@
|
|||
}
|
||||
|
||||
stream->cursor = stream->base;
|
||||
stream->limit = stream->cursor + count;
|
||||
stream->limit = FT_OFFSET( stream->cursor, count );
|
||||
stream->pos += read_bytes;
|
||||
}
|
||||
else
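Review bot: Only the `stream->limit` computation in the first branch is guarded, while the `else` branch that begins on the last line of this hunk is not shown. If that branch also derives `cursor` and `limit` from `stream->base` with plain `+`, the same null-base offset may remain there; it is worth confirming, and using `FT_OFFSET` in that branch too if `stream->base` can be NULL. Note also that `stream->cursor` is assigned from `stream->base` unchecked, so both `cursor` and `limit` may be NULL inside a frame after this change, and frame readers must compare `cursor` against `limit` before any dereference. FT_Stream_EnterFrame continues outside the hunk.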
|
||||
|
|
|
@ -530,6 +530,9 @@
|
|||
|
||||
builder->path_begun = 0;
|
||||
|
||||
if ( !charstring_base )
|
||||
return FT_Err_Ok;
|
||||
|
||||
zone->base = charstring_base;
|
||||
limit = zone->limit = charstring_base + charstring_len;
|
||||
ip = zone->cursor = zone->base;
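Review bot: The new early return reports `FT_Err_Ok` for a NULL `charstring_base` without looking at `charstring_len`, and it runs before `zone->base`, `zone->limit` and `zone->cursor` are assigned. A NULL base with a non-zero length is therefore accepted as a valid empty glyph, and the zone fields keep whatever values they held before the call (any earlier initialisation is not visible in this hunk). A comment stating the intent would help, e.g. `/* no charstring data: nothing to decode, treat as empty glyph */`. It is also worth deciding whether a NULL base with `charstring_len != 0` should be an error rather than success. The function body extends outside the hunk.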
|
||||
|
|
|
@ -2577,7 +2577,7 @@
|
|||
FT_UShort seed )
|
||||
{
|
||||
PS_Conv_EexecDecode( &buffer,
|
||||
buffer + length,
|
||||
FT_OFFSET( buffer, length ),
|
||||
buffer,
|
||||
length,
|
||||
&seed );
|
||||
|
|
|
@ -155,6 +155,9 @@
|
|||
goto Exit;
|
||||
}
|
||||
|
||||
if ( !bitmap->rows || !bitmap->pitch )
|
||||
goto Exit;
|
||||
|
||||
/* allocate new one */
|
||||
if ( FT_ALLOC_MULT( bitmap->buffer, bitmap->rows, bitmap->pitch ) )
|
||||
goto Exit;
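Review bot: The added `goto Exit` for zero `rows` or `pitch` does not set `error`, so the result depends on whatever `error` holds at that point, which the hunk does not show. If the intent is to report success for an empty bitmap, say so at the jump, e.g. `/* empty bitmap: nothing to render, 'error' is still FT_Err_Ok */`, so that a later edit assigning `error` above does not turn this path into a stale error code. It is also worth confirming that the code at `Exit` and its callers tolerate `bitmap->buffer` being unallocated on this path. ft_smooth_render_generic starts and ends outside the hunk.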
|
||||
|
|