forked from minhngoc25a/freetype2
[truetype] Fix UBSan warnings on adding offsets to nullptr.
Reported as https://bugs.chromium.org/p/chromium/issues/detail?id=1032152 * src/truetype/ttinterp.c (Ins_FDEF, Ins_IDEF): Use `FT_OFFSET'.
This commit is contained in:
parent
0c14a3adb0
commit
7e1b39f6cd
10
ChangeLog
10
ChangeLog
|
@ -1,3 +1,13 @@
|
||||||
|
2019-12-16 Werner Lemberg <wl@gnu.org>
|
||||||
|
|
||||||
|
[truetype] Fix UBSan warnings on adding offsets to nullptr.
|
||||||
|
|
||||||
|
Reported as
|
||||||
|
|
||||||
|
https://bugs.chromium.org/p/chromium/issues/detail?id=1032152
|
||||||
|
|
||||||
|
* src/truetype/ttinterp.c (Ins_FDEF, Ins_IDEF): Use `FT_OFFSET'.
|
||||||
|
|
||||||
2019-12-14 Werner Lemberg <wl@gnu.org>
|
2019-12-14 Werner Lemberg <wl@gnu.org>
|
||||||
|
|
||||||
[truetype] Fix integer overflow.
|
[truetype] Fix integer overflow.
|
||||||
|
|
|
@ -3718,7 +3718,7 @@
|
||||||
/* We will then parse the current table. */
|
/* We will then parse the current table. */
|
||||||
|
|
||||||
rec = exc->FDefs;
|
rec = exc->FDefs;
|
||||||
limit = rec + exc->numFDefs;
|
limit = FT_OFFSET( rec, exc->numFDefs );
|
||||||
n = (FT_ULong)args[0];
|
n = (FT_ULong)args[0];
|
||||||
|
|
||||||
for ( ; rec < limit; rec++ )
|
for ( ; rec < limit; rec++ )
|
||||||
|
@ -4150,7 +4150,7 @@
|
||||||
/* First of all, look for the same function in our table */
|
/* First of all, look for the same function in our table */
|
||||||
|
|
||||||
def = exc->IDefs;
|
def = exc->IDefs;
|
||||||
limit = def + exc->numIDefs;
|
limit = FT_OFFSET( def, exc->numIDefs );
|
||||||
|
|
||||||
for ( ; def < limit; def++ )
|
for ( ; def < limit; def++ )
|
||||||
if ( def->opc == (FT_ULong)args[0] )
|
if ( def->opc == (FT_ULong)args[0] )
|
||||||
|
|
Loading…
Reference in New Issue