diff options
author | Dominik Röttsches <drott@chromium.org> | 2019-12-17 14:12:38 +0200 |
---|---|---|
committer | Werner Lemberg <wl@gnu.org> | 2019-12-21 19:03:48 +0100 |
commit | 8cee1dde4e708b1d4a9f028f3ac6cca99495d729 (patch) | |
tree | 078e2e6e1d37c9532446f9bd926d7d9324b31a91 | |
parent | 7e1b39f6cd1f8e14d45592c9b192ade643d8d9de (diff) | |
download | freetype2-8cee1dde4e708b1d4a9f028f3ac6cca99495d729.tar.gz |
Fix more UBSan warnings on adding offset to nullptr (#57432).
* src/truetype/ttinterp.c (Ins_LOOPCALL), src/psaux/psft.c
(cf2_initLocalRegionBuffer): Use `FT_OFFSET'.
-rw-r--r-- | ChangeLog | 7 | ||||
-rw-r--r-- | src/psaux/psft.c | 2 | ||||
-rw-r--r-- | src/truetype/ttinterp.c | 4 |
3 files changed, 10 insertions, 3 deletions
@@ -1,3 +1,10 @@ +2019-12-21 Dominik Röttsches <drott@chromium.org> + + Fix more UBSan warnings on adding offset to nullptr (#57432). + + * src/truetype/ttinterp.c (Ins_LOOPCALL), src/psaux/psft.c + (cf2_initLocalRegionBuffer): Use `FT_OFFSET'. + 2019-12-16 Werner Lemberg <wl@gnu.org> [truetype] Fix UBSan warnings on adding offsets to nullptr. diff --git a/src/psaux/psft.c b/src/psaux/psft.c index 7c7ef2cbe..08dd33c84 100644 --- a/src/psaux/psft.c +++ b/src/psaux/psft.c @@ -823,7 +823,7 @@ /* The CID driver stores subroutines with seed bytes. This */ /* case is taken care of when decoder->subrs_len == 0. */ if ( decoder->locals_len ) - buf->end = buf->start + decoder->locals_len[idx]; + buf->end = FT_OFFSET( buf->start, decoder->locals_len[idx] ); else { /* We are using subroutines from a CID font. We must adjust */ diff --git a/src/truetype/ttinterp.c b/src/truetype/ttinterp.c index 369c7b5ff..dca11d739 100644 --- a/src/truetype/ttinterp.c +++ b/src/truetype/ttinterp.c @@ -4062,7 +4062,7 @@ /* */ /* If this isn't true, we need to look up the function table. */ - def = exc->FDefs + F; + def = FT_OFFSET( exc->FDefs, F ); if ( exc->maxFunc + 1 != exc->numFDefs || def->opc != F ) { /* look up the FDefs table */ @@ -4070,7 +4070,7 @@ def = exc->FDefs; - limit = def + exc->numFDefs; + limit = FT_OFFSET( def, exc->numFDefs ); while ( def < limit && def->opc != F ) def++; |