Avoid more nullptr offset UBSan warnings (#57316). * src/base/ftoutln.c (FT_Outline_Transform): Bail on empty points. * src/cff/cffload.c (cff_subfont_load): Use `FT_OFFSET'. * src/psaux/psft.c (cf2_decoder_parse_substrings): Early out if `charstring_base' or `charstring_len' are null. * src/sfnt/ttload.c (tt_face_load_name): Use `FT_OFFSET'.
diff --git a/ChangeLog b/ChangeLog
index e5cb51c..454b8ae 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,13 @@
+2019-11-29 Dominik Röttsches <drott@chromium.org>
+
+ Avoid more nullptr offset UBSan warnings (#57316).
+
+ * src/base/ftoutln.c (FT_Outline_Transform): Bail on empty points.
+ * src/cff/cffload.c (cff_subfont_load): Use `FT_OFFSET'.
+ * src/psaux/psft.c (cf2_decoder_parse_substrings): Early out if
+ `charstring_base' or `charstring_len' are null.
+ * src/sfnt/ttload.c (tt_face_load_name): Use `FT_OFFSET'.
+
2019-11-23 John Stracke <jstracke@Google.com>
[base] Really fix #57194.
diff --git a/src/base/ftoutln.c b/src/base/ftoutln.c
index 0e2ba34..cf99bbc 100644
--- a/src/base/ftoutln.c
+++ b/src/base/ftoutln.c
@@ -711,7 +711,7 @@
FT_Vector* limit;
- if ( !outline || !matrix )
+ if ( !outline || !matrix || !outline->points )
return;
vec = outline->points;
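Review bot: The new `!outline->points` test makes the function silently skip an outline whose point array is missing, which a caller cannot distinguish from a completed transform because `FT_Outline_Transform` returns void; that is reasonable for an empty outline, but the intent is not visible at the guard. A short comment would record it: `/* an empty outline has nothing to transform; this also avoids */` followed by `/* NULL + n pointer arithmetic (UBSan `nullptr offset') below */`. The guard does not look at `n_points`, so an outline with `points == NULL` but `n_points > 0` is also skipped quietly rather than treated as malformed — presumably such an outline cannot reach this point, but that is worth confirming. The enclosing function starts outside the hunk.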
diff --git a/src/cff/cffload.c b/src/cff/cffload.c
index 12efd18..ce02d6d 100644
--- a/src/cff/cffload.c
+++ b/src/cff/cffload.c
@@ -2057,7 +2057,7 @@
if ( !error )
{
FT_TRACE4(( " top dictionary:\n" ));
- error = cff_parser_run( &parser, dict, dict + dict_len );
+ error = cff_parser_run( &parser, dict, FT_OFFSET( dict, dict_len ) );
}
/* clean up regardless of error */
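Review bot: `FT_OFFSET( dict, dict_len )` removes the `NULL + 0` arithmetic, but when `dict` is NULL and `dict_len` is 0 `cff_parser_run` still receives a NULL start and a NULL limit; from this hunk alone I cannot see that the parser tolerates `start == limit == NULL`, so that should be confirmed rather than assumed. A comment on the call would also tell the next reader why a plain `dict + dict_len` became a macro: `/* `dict' may be NULL when `dict_len' is 0; FT_OFFSET avoids NULL + 0 */`. The enclosing function `cff_subfont_load` starts and ends outside the hunk.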
diff --git a/src/psaux/psft.c b/src/psaux/psft.c
index 54be468..a823ac8 100644
--- a/src/psaux/psft.c
+++ b/src/psaux/psft.c
@@ -313,9 +313,12 @@
FT_Error error = FT_Err_Ok;
CF2_Font font;
- FT_Bool is_t1 = decoder->builder.is_t1;
+ FT_Bool is_t1 = decoder->builder.is_t1;
+ if ( !charstring_base || !charstring_len )
+ return FT_ERR( Invalid_File_Format );
+
FT_ASSERT( decoder &&
( is_t1 || decoder->cff ) );
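Review bot: The new early return sits after `is_t1 = decoder->builder.is_t1`, so `decoder` is dereferenced before any argument is validated; that ordering is pre-existing, but if this guard is meant to be the function's input-validation point it reads more naturally placed before that initialisation or extended to cover `!decoder` as well. Rejecting `!charstring_len` also changes behaviour for a zero-length charstring, which the previous code would have handed to the parser as an empty range and which now yields `Invalid_File_Format`; if that is intended, a one-line comment stating that an empty charstring is treated as malformed would help. FreeType's form at an error-raising site is `FT_THROW( Invalid_File_Format )`, which makes the origin visible in error tracing, whereas `FT_ERR` is the comparison form. The enclosing function starts and ends outside the hunk.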
diff --git a/src/sfnt/ttload.c b/src/sfnt/ttload.c
index 15b01a8..cf53924 100644
--- a/src/sfnt/ttload.c
+++ b/src/sfnt/ttload.c
@@ -924,7 +924,7 @@
/* load language tags */
{
TT_LangTag entry = table->langTags;
- TT_LangTag limit = entry + table->numLangTagRecords;
+ TT_LangTag limit = FT_OFFSET( entry, table->numLangTagRecords );
for ( ; entry < limit; entry++ )