[Libreoffice-commits] core.git: vcl/source

Stephan Bergmann (via logerrit) logerrit at kemper.freedesktop.org
Fri May 31 13:08:40 UTC 2019


 vcl/source/fontsubset/sft.cxx |   20 +++++++++++++-------
 1 file changed, 13 insertions(+), 7 deletions(-)

New commits:
commit c0a2335d89532119a04aad32316cabe9f1b5d149
Author:     Stephan Bergmann <sbergman at redhat.com>
AuthorDate: Wed May 29 19:02:19 2019 +0200
Commit:     Stephan Bergmann <sbergman at redhat.com>
CommitDate: Fri May 31 15:07:49 2019 +0200

    Avoid UB shifting a negative int
    
    `--convert-to pdf cdr/fdo55522-1.cdr` with cdr/fdo55522-1.cdr as obtained by
    bin/get-bugzilla-attachments-by-mimetype (i.e., the attachment at
    <https://bugs.documentfoundation.org/show_bug.cgi?id=55522#c0>) under
    -fsanitize=undefined causes
    
    > vcl/source/fontsubset/sft.cxx:580:34: runtime error: left shift of negative value -16384
    >  #0 in vcl::GetCompoundTTOutline(vcl::TrueTypeFont*, unsigned int, vcl::ControlPoint**, vcl::TTGlyphMetrics*, std::__debug::vector<unsigned int, std::allocator<unsigned int> >&) at vcl/source/fontsubset/sft.cxx:580:34 (instdir/program/libvcllo.so +0x94a45cd)
    >  #1 in vcl::GetTTGlyphOutline(vcl::TrueTypeFont*, unsigned int, vcl::ControlPoint**, vcl::TTGlyphMetrics*, std::__debug::vector<unsigned int, std::allocator<unsigned int> >*) at vcl/source/fontsubset/sft.cxx:688:15 (instdir/program/libvcllo.so +0x9479a18)
    >  #2 in vcl::GetCompoundTTOutline(vcl::TrueTypeFont*, unsigned int, vcl::ControlPoint**, vcl::TTGlyphMetrics*, std::__debug::vector<unsigned int, std::allocator<unsigned int> >&) at vcl/source/fontsubset/sft.cxx:543:19 (instdir/program/libvcllo.so +0x94a3ec9)
    >  #3 in vcl::GetTTGlyphOutline(vcl::TrueTypeFont*, unsigned int, vcl::ControlPoint**, vcl::TTGlyphMetrics*, std::__debug::vector<unsigned int, std::allocator<unsigned int> >*) at vcl/source/fontsubset/sft.cxx:688:15 (instdir/program/libvcllo.so +0x9479a18)
    >  #4 in vcl::GetTTGlyphPoints(vcl::TrueTypeFont*, unsigned int, vcl::ControlPoint**) at vcl/source/fontsubset/sft.cxx:1707:12 (instdir/program/libvcllo.so +0x9478c66)
    >  #5 in vcl::GetTTRawGlyphData(vcl::TrueTypeFont*, unsigned int) at vcl/source/fontsubset/sft.cxx:2480:9 (instdir/program/libvcllo.so +0x9487c85)
    >  #6 in vcl::CreateTTFromTTGlyphs(vcl::TrueTypeFont*, char const*, unsigned short const*, unsigned char const*, int) at vcl/source/fontsubset/sft.cxx:1955:32 (instdir/program/libvcllo.so +0x94821ce)
    >  #7 in psp::PrintFontManager::createFontSubset(FontSubsetInfo&, int, rtl::OUString const&, unsigned short const*, unsigned char const*, int*, int) at vcl/unx/generic/fontmanager/fontmanager.cxx:1094:41 (instdir/program/libvcllo.so +0x99dee87)
    >  #8 in CairoTextRender::CreateFontSubset(rtl::OUString const&, PhysicalFontFace const*, unsigned short const*, unsigned char const*, int*, int, FontSubsetInfo&) at vcl/unx/generic/gdi/cairotextrender.cxx:494:26 (instdir/program/libvcllo.so +0x98af6bc)
    >  #9 in SvpSalGraphics::CreateFontSubset(rtl::OUString const&, PhysicalFontFace const*, unsigned short const*, unsigned char const*, int*, int, FontSubsetInfo&) at vcl/headless/svptext.cxx:74:30 (instdir/program/libvcllo.so +0x98a10a3)
    >  #10 in vcl::PDFWriterImpl::emitFonts() at vcl/source/gdi/pdfwriter_impl.cxx:2815:28 (instdir/program/libvcllo.so +0x7fdbd2d)
    >  #11 in vcl::PDFWriterImpl::emitResources() at vcl/source/gdi/pdfwriter_impl.cxx:3045:5 (instdir/program/libvcllo.so +0x7fe3188)
    >  #12 in vcl::PDFWriterImpl::emitCatalog() at vcl/source/gdi/pdfwriter_impl.cxx:4528:5 (instdir/program/libvcllo.so +0x8023c46)
    >  #13 in vcl::PDFWriterImpl::emit() at vcl/source/gdi/pdfwriter_impl.cxx:5748:5 (instdir/program/libvcllo.so +0x8044e2d)
    >  #14 in vcl::PDFWriter::Emit() at vcl/source/gdi/pdfwriter.cxx:52:29 (instdir/program/libvcllo.so +0x7f017bc)
    >  #15 in PDFExport::Export(rtl::OUString const&, com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> const&) at filter/source/pdf/pdfexport.cxx:957:40 (instdir/program/../program/libpdffilterlo.so +0x2f1789)
    >  #16 in PDFFilter::implExport(com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> const&) at filter/source/pdf/pdffilter.cxx:155:24 (instdir/program/../program/libpdffilterlo.so +0x33ac4f)
    >  #17 in PDFFilter::filter(com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> const&) at filter/source/pdf/pdffilter.cxx:216:23 (instdir/program/../program/libpdffilterlo.so +0x33babf)
    >  #18 in SfxObjectShell::ExportTo(SfxMedium&) at sfx2/source/doc/objstor.cxx:2422:25 (instdir/program/libsfxlo.so +0x4a4e283)
    >  #19 in SfxObjectShell::SaveTo_Impl(SfxMedium&, SfxItemSet const*) at sfx2/source/doc/objstor.cxx:1513:19 (instdir/program/libsfxlo.so +0x4a3e302)
    >  #20 in SfxObjectShell::PreDoSaveAs_Impl(rtl::OUString const&, rtl::OUString const&, SfxItemSet const&) at sfx2/source/doc/objstor.cxx:2828:39 (instdir/program/libsfxlo.so +0x4a6d72c)
    >  #21 in SfxObjectShell::CommonSaveAs_Impl(INetURLObject const&, rtl::OUString const&, SfxItemSet&) at sfx2/source/doc/objstor.cxx:2685:9 (instdir/program/libsfxlo.so +0x4a671c3)
    >  #22 in SfxObjectShell::APISaveAs_Impl(rtl::OUString const&, SfxItemSet&) at sfx2/source/doc/objserv.cxx:326:19 (instdir/program/libsfxlo.so +0x49de0b8)
    >  #23 in SfxBaseModel::impl_store(rtl::OUString const&, com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> const&, bool) at sfx2/source/doc/sfxbasemodel.cxx:3026:42 (instdir/program/libsfxlo.so +0x4bc9c26)
    >  #24 in SfxBaseModel::storeToURL(rtl::OUString const&, com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> const&) at sfx2/source/doc/sfxbasemodel.cxx:1697:13 (instdir/program/libsfxlo.so +0x4bd02fb)
    [...]
    
    and then later a similar
    
    > vcl/source/fontsubset/sft.cxx:590:34: runtime error: left shift of negative value -16384
    [...]
    
    Change-Id: I12444a704870d7a03ead6be5c039934e826fda7d
    Reviewed-on: https://gerrit.libreoffice.org/73184
    Reviewed-by: Khaled Hosny <khaledhosny at eglug.org>
    Tested-by: Jenkins

diff --git a/vcl/source/fontsubset/sft.cxx b/vcl/source/fontsubset/sft.cxx
index 613cf79f9734..2ad41691f1ef 100644
--- a/vcl/source/fontsubset/sft.cxx
+++ b/vcl/source/fontsubset/sft.cxx
@@ -487,6 +487,12 @@ static int GetSimpleTTOutline(TrueTypeFont const *ttf, sal_uInt32 glyphID, Contr
     return lastPoint + 1;
 }
 
+static F16Dot16 fromF2Dot14(sal_Int16 n)
+{
+    // Avoid undefined shift of negative values prior to C++2a:
+    return sal_uInt32(n) << 2;
+}
+
 static int GetCompoundTTOutline(TrueTypeFont *ttf, sal_uInt32 glyphID, ControlPoint **pointArray, TTGlyphMetrics *metrics, std::vector< sal_uInt32 >& glyphlist)
 {
     sal_uInt16 flags, index;
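Review bot: The comment in `fromF2Dot14` explains why the shift is done on an unsigned value, but not that the result is then implicitly converted back to the return type. If F16Dot16 is a signed 32-bit type (its definition is not in this hunk), that conversion is implementation-defined before C++20 for negative inputs, although it is modular on the usual compilers. I would either say so in the comment, e.g. `// Shift as unsigned to avoid UB on negative n; the conversion back to F16Dot16 relies on modular (two's complement) behaviour`, or avoid both issues with `return F16Dot16(n) * 4;`, which cannot overflow for a 16-bit input under the same assumption. A short note that the input is 2.14 fixed point and the result 16.16 would also make the `<< 2` self-explanatory.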
@@ -577,18 +583,18 @@ static int GetCompoundTTOutline(TrueTypeFont *ttf, sal_uInt32 glyphID, ControlPo
         b = c = 0;
 
         if (flags & WE_HAVE_A_SCALE) {
-            a = GetInt16(ptr, 0) << 2;
+            a = fromF2Dot14(GetInt16(ptr, 0));
             d = a;
             ptr += 2;
         } else if (flags & WE_HAVE_AN_X_AND_Y_SCALE) {
-            a = GetInt16(ptr, 0) << 2;
-            d = GetInt16(ptr, 2) << 2;
+            a = fromF2Dot14(GetInt16(ptr, 0));
+            d = fromF2Dot14(GetInt16(ptr, 2));
             ptr += 4;
         } else if (flags & WE_HAVE_A_TWO_BY_TWO) {
-            a = GetInt16(ptr, 0) << 2;
-            b = GetInt16(ptr, 2) << 2;
-            c = GetInt16(ptr, 4) << 2;
-            d = GetInt16(ptr, 6) << 2;
+            a = fromF2Dot14(GetInt16(ptr, 0));
+            b = fromF2Dot14(GetInt16(ptr, 2));
+            c = fromF2Dot14(GetInt16(ptr, 4));
+            d = fromF2Dot14(GetInt16(ptr, 6));
             ptr += 8;
         }
 
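Review bot: No remaining-length check on `ptr` is visible in this hunk before the `GetInt16(ptr, 0)` through `GetInt16(ptr, 6)` reads. The values being read are glyph data from a font embedded in or referenced by the document, and the commit message reproduces the problem with a bug-tracker attachment, so this is untrusted input. GetCompoundTTOutline starts and ends outside the hunk, so a bound may already be enforced earlier in the loop. If it is not, each branch should confirm that 2, 4 or 8 bytes remain in the glyph record before reading, and abandon the glyph otherwise. At minimum I would put a comment above the chain such as `// transform fields are untrusted font data: ptr must have 2/4/8 bytes left in the glyph record here` so the precondition is stated where the reads happen.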

