[truetype] Fix UBSan warnings on adding offsets to nullptr.

Reported as https://bugs.chromium.org/p/chromium/issues/detail?id=1032152 * src/truetype/ttinterp.c (Ins_FDEF, Ins_IDEF): Use `FT_OFFSET'.
author: Werner Lemberg <wl@gnu.org> 2019-12-16 11:07:58 +0100
committer: Werner Lemberg <wl@gnu.org> 2019-12-16 11:07:58 +0100
commit: 7e1b39f6cd1f8e14d45592c9b192ade643d8d9de (patch)
tree: 9352e5e95880561af4e95200f55bdfe08fd199dd /src/truetype/ttinterp.c
parent: 0c14a3adb08ca5aaac3188a63246361c50b069d4 (diff)
download: freetype2-7e1b39f6cd1f8e14d45592c9b192ade643d8d9de.tar.gz
1 files changed, 2 insertions, 2 deletions
diff --git a/src/truetype/ttinterp.c b/src/truetype/ttinterp.c
index 7d021eb7c..369c7b5ff 100644
--- a/src/truetype/ttinterp.c
+++ b/src/truetype/ttinterp.c
@@ -3718,7 +3718,7 @@
     /* We will then parse the current table.                       */
 
     rec   = exc->FDefs;
-    limit = rec + exc->numFDefs;
+    limit = FT_OFFSET( rec, exc->numFDefs );
     n     = (FT_ULong)args[0];
 
     for ( ; rec < limit; rec++ )
@@ -4150,7 +4150,7 @@
     /*  First of all, look for the same function in our table */
 
     def   = exc->IDefs;
-    limit = def + exc->numIDefs;
+    limit = FT_OFFSET( def, exc->numIDefs );
 
     for ( ; def < limit; def++ )
       if ( def->opc == (FT_ULong)args[0] )
author	Werner Lemberg <wl@gnu.org>	2019-12-16 11:07:58 +0100
committer	Werner Lemberg <wl@gnu.org>	2019-12-16 11:07:58 +0100
commit	7e1b39f6cd1f8e14d45592c9b192ade643d8d9de (patch)
tree	9352e5e95880561af4e95200f55bdfe08fd199dd /src/truetype/ttinterp.c
parent	0c14a3adb08ca5aaac3188a63246361c50b069d4 (diff)
download	freetype2-7e1b39f6cd1f8e14d45592c9b192ade643d8d9de.tar.gz