[Libreoffice-commits] core.git: external/graphite
Stephan Bergmann
sbergman at redhat.com
Wed Jun 7 13:45:20 UTC 2017
external/graphite/ubsan.patch | 11 +++++++++++
1 file changed, 11 insertions(+)
New commits:
commit 681b4a49d797996229513d3e842d2a431030730a
Author: Stephan Bergmann <sbergman at redhat.com>
Date: Wed Jun 7 15:32:30 2017 +0200
external/graphite: Avoid -fsanitize=pointer-overflow
...that was recently introduced into Clang trunk with
<https://reviews.llvm.org/D33305> "[ubsan] Add a check for pointer overflow UB".
Here, _code is of type instr*, dist is of type ptrdiff_t, and sizeof(instr) is
something like 8. My first impulse was to cast the result of the division (done
with arguments promoted to size_t) back to ptrdiff_t, but that wouldn't help:
When dist is a relatively small negative number (like
-3293184), the division expression will promote it to a large unsigned (size_t)
value (like 0xFFFF'FFFF'FFCD'C000), but the result (in our case,
0x1FFF'FFFF'FFF9'B800) would be small enough to fit into ptrdiff_t as a positive
value. So assume that sizeof(instr) fits into int and ensure the division is
done on signed values.
(At least CppunitTest_sc_subsequent_filters_test started to fail with
"workdir/UnpackedTarball/graphite/src/inc/Code.h:165:15: runtime error: pointer
index expression with base 0x7fb90a3b4df0 overflowed to 0x7fb90a0a0df0".)
Change-Id: Ie6698e38d6abec80f2fa817c42ebf20618496109
diff --git a/external/graphite/ubsan.patch b/external/graphite/ubsan.patch
index 2f3bf5e7baf6..53585cf72628 100644
--- a/external/graphite/ubsan.patch
+++ b/external/graphite/ubsan.patch
@@ -38,3 +38,14 @@
}
+--- src/inc/Code.h
++++ src/inc/Code.h
+@@ -162,7 +162,7 @@
+ {
+ if (_code && !_own)
+ {
+- _code += dist / sizeof(instr);
++ _code += dist / int(sizeof(instr));
+ _data += dist;
+ }
+ }
More information about the Libreoffice-commits
mailing list