Fix more UBSan warnings on adding offset to nullptr (#57432).
* src/truetype/ttinterp.c (Ins_LOOPCALL), src/psaux/psft.c (cf2_initLocalRegionBuffer): Use `FT_OFFSET'.
This commit is contained in:
parent
7e1b39f6cd
commit
8cee1dde4e
|
@ -1,3 +1,10 @@
|
||||||
|
2019-12-21 Dominik Röttsches <drott@chromium.org>
|
||||||
|
|
||||||
|
Fix more UBSan warnings on adding offset to nullptr (#57432).
|
||||||
|
|
||||||
|
* src/truetype/ttinterp.c (Ins_LOOPCALL), src/psaux/psft.c
|
||||||
|
(cf2_initLocalRegionBuffer): Use `FT_OFFSET'.
|
||||||
|
|
||||||
2019-12-16 Werner Lemberg <wl@gnu.org>
|
2019-12-16 Werner Lemberg <wl@gnu.org>
|
||||||
|
|
||||||
[truetype] Fix UBSan warnings on adding offsets to nullptr.
|
[truetype] Fix UBSan warnings on adding offsets to nullptr.
|
||||||
|
|
|
@ -823,7 +823,7 @@
|
||||||
/* The CID driver stores subroutines with seed bytes. This */
|
/* The CID driver stores subroutines with seed bytes. This */
|
||||||
/* case is taken care of when decoder->subrs_len == 0. */
|
/* case is taken care of when decoder->subrs_len == 0. */
|
||||||
if ( decoder->locals_len )
|
if ( decoder->locals_len )
|
||||||
buf->end = buf->start + decoder->locals_len[idx];
|
buf->end = FT_OFFSET( buf->start, decoder->locals_len[idx] );
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
/* We are using subroutines from a CID font. We must adjust */
|
/* We are using subroutines from a CID font. We must adjust */
|
||||||
|
|
|
@ -4062,7 +4062,7 @@
|
||||||
/* */
|
/* */
|
||||||
/* If this isn't true, we need to look up the function table. */
|
/* If this isn't true, we need to look up the function table. */
|
||||||
|
|
||||||
def = exc->FDefs + F;
|
def = FT_OFFSET( exc->FDefs, F );
|
||||||
if ( exc->maxFunc + 1 != exc->numFDefs || def->opc != F )
|
if ( exc->maxFunc + 1 != exc->numFDefs || def->opc != F )
|
||||||
{
|
{
|
||||||
/* look up the FDefs table */
|
/* look up the FDefs table */
|
||||||
|
@ -4070,7 +4070,7 @@
|
||||||
|
|
||||||
|
|
||||||
def = exc->FDefs;
|
def = exc->FDefs;
|
||||||
limit = def + exc->numFDefs;
|
limit = FT_OFFSET( def, exc->numFDefs );
|
||||||
|
|
||||||
while ( def < limit && def->opc != F )
|
while ( def < limit && def->opc != F )
|
||||||
def++;
|
def++;
|
||||||
|
|
Loading…
Reference in New Issue