Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP5:Update
ft2demos
0001-integer-overflows.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File 0001-integer-overflows.patch of Package ft2demos
Index: freetype-2.6.3/src/truetype/ttinterp.c =================================================================== --- freetype-2.6.3.orig/src/truetype/ttinterp.c +++ freetype-2.6.3/src/truetype/ttinterp.c @@ -5602,6 +5602,7 @@ #ifdef TT_CONFIG_OPTION_SUBPIXEL_HINTING FT_F26Dot6 control_value_cutin = 0; /* pacify compiler */ + FT_F26Dot6 delta; if ( SUBPIXEL_HINTING ) @@ -5638,11 +5639,15 @@ distance = PROJECT( exc->zp1.cur + point, exc->zp0.cur + exc->GS.rp0 ); #ifdef TT_CONFIG_OPTION_SUBPIXEL_HINTING + delta = SUB_LONG( distance, args[1] ); + if ( delta < 0 ) + delta = NEG_LONG( delta ); + /* subpixel hinting - make MSIRP respect CVT cut-in; */ if ( SUBPIXEL_HINTING && exc->ignore_x_mode && exc->GS.freeVector.x != 0 && - FT_ABS( distance - args[1] ) >= control_value_cutin ) + delta >= control_value_cutin ) distance = args[1]; #endif /* TT_CONFIG_OPTION_SUBPIXEL_HINTING */ @@ -5796,7 +5801,14 @@ if ( ( exc->opcode & 1 ) != 0 ) /* rounding and control cut-in flag */ { - if ( FT_ABS( distance - org_dist ) > control_value_cutin ) + FT_F26Dot6 delta; + + + delta = SUB_LONG( distance, org_dist ); + if ( delta < 0 ) + delta = NEG_LONG( delta ); + + if ( delta > control_value_cutin ) distance = org_dist; #ifdef TT_CONFIG_OPTION_SUBPIXEL_HINTING @@ -6071,6 +6083,9 @@ if ( exc->GS.gep0 == exc->GS.gep1 ) { + FT_F26Dot6 delta; + + /* XXX: According to Greg Hitchcock, the following wording is */ /* the right one: */ /* */ @@ -6083,8 +6098,12 @@ /* `ttinst2.doc', version 1.66, is thus incorrect since */ /* it implies `>=' instead of `>'. */ - if ( FT_ABS( cvt_dist - org_dist ) > control_value_cutin ) - cvt_dist = org_dist; + delta = SUB_LONG( cvt_dist, org_dist ); + if ( delta < 0 ) + delta = NEG_LONG( delta ); + + if ( delta > control_value_cutin ) + cvt_dist = org_dist; } distance = exc->func_round( @@ -6101,7 +6120,14 @@ exc->ignore_x_mode && exc->GS.gep0 == exc->GS.gep1 ) { - if ( FT_ABS( cvt_dist - org_dist ) > control_value_cutin ) + FT_F26Dot6 delta; + + + delta = SUB_LONG( cvt_dist, org_dist ); + if ( delta < 0 ) + delta = NEG_LONG( delta ); + + if ( delta > control_value_cutin ) cvt_dist = org_dist; } #endif /* TT_CONFIG_OPTION_SUBPIXEL_HINTING */ Index: freetype-2.6.3/include/freetype/internal/ftcalc.h =================================================================== --- freetype-2.6.3.orig/include/freetype/internal/ftcalc.h +++ freetype-2.6.3/include/freetype/internal/ftcalc.h @@ -409,6 +409,33 @@ FT_BEGIN_HEADER #define ROUND_F26DOT6( x ) ( x >= 0 ? ( ( (x) + 32 ) & -64 ) \ : ( -( ( 32 - (x) ) & -64 ) ) ) + /* + * The following macros have two purposes. + * + * . Tag places where overflow is expected and harmless. + * + * . Avoid run-time sanitizer errors. + * + * Use with care! + */ +#define ADD_LONG( a, b ) \ + (FT_Long)( (FT_ULong)(a) + (FT_ULong)(b) ) +#define SUB_LONG( a, b ) \ + (FT_Long)( (FT_ULong)(a) - (FT_ULong)(b) ) +#define MUL_LONG( a, b ) \ + (FT_Long)( (FT_ULong)(a) * (FT_ULong)(b) ) +#define NEG_LONG( a ) \ + (FT_Long)( (FT_ULong)0 - (FT_ULong)(a) ) + +#define ADD_INT32( a, b ) \ + (FT_Int32)( (FT_UInt32)(a) + (FT_UInt32)(b) ) +#define SUB_INT32( a, b ) \ + (FT_Int32)( (FT_UInt32)(a) - (FT_UInt32)(b) ) +#define MUL_INT32( a, b ) \ + (FT_Int32)( (FT_UInt32)(a) * (FT_UInt32)(b) ) +#define NEG_INT32( a ) \ + (FT_Int32)( (FT_UInt32)0 - (FT_UInt32)(a) ) + FT_END_HEADER
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor