From 4270e9f3243079bb90b6af618ed4d4fd31266412 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Dominik=20R=C3=B6ttsches?=
Date: Wed, 27 Nov 2019 11:38:45 -0500
Subject: [PATCH] Avoid more nullptr offset UBSan warnings (#57316).

* src/base/ftoutln.c (FT_Outline_Transform): Bail on empty points.
* src/cff/cffload.c (cff_subfont_load): Use `FT_OFFSET'.
* src/psaux/psft.c (cf2_decoder_parse_substrings): Early out if `charstring_base' or `charstring_len' are null.
* src/sfnt/ttload.c (tt_face_load_name): Use `FT_OFFSET'.
---
 ChangeLog | 10 ++++++++++
 src/base/ftoutln.c | 2 +-
 src/cff/cffload.c | 2 +-
 src/psaux/psft.c | 5 ++++-
 src/sfnt/ttload.c | 2 +-
 5 files changed, 17 insertions(+), 4 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index e5cb51c87..454b8aefe 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,13 @@
+2019-11-29 Dominik Röttsches
+
+ Avoid more nullptr offset UBSan warnings (#57316).
+
+ * src/base/ftoutln.c (FT_Outline_Transform): Bail on empty points.
+ * src/cff/cffload.c (cff_subfont_load): Use `FT_OFFSET'.
+ * src/psaux/psft.c (cf2_decoder_parse_substrings): Early out if
+ `charstring_base' or `charstring_len' are null.
+ * src/sfnt/ttload.c (tt_face_load_name): Use `FT_OFFSET'.
+
 2019-11-23 John Stracke
 [base] Really fix #57194.
diff --git a/src/base/ftoutln.c b/src/base/ftoutln.c
index 0e2ba3475..cf99bbc23 100644
--- a/src/base/ftoutln.c
+++ b/src/base/ftoutln.c
@@ -711,7 +711,7 @@
 FT_Vector* limit;
- if ( !outline || !matrix )
+ if ( !outline || !matrix || !outline->points )
 return;
 vec = outline->points;
diff --git a/src/cff/cffload.c b/src/cff/cffload.c
index 12efd18dc..ce02d6d94 100644
--- a/src/cff/cffload.c
+++ b/src/cff/cffload.c
@@ -2057,7 +2057,7 @@
 if ( !error )
 {
 FT_TRACE4(( " top dictionary:\n" ));
- error = cff_parser_run( &parser, dict, dict + dict_len );
+ error = cff_parser_run( &parser, dict, FT_OFFSET( dict, dict_len ) );
 }
 /* clean up regardless of error */
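Review bot: The added `!outline->points` test in the `if ( !outline || !matrix || !outline->points )` guard returns silently both for a genuinely empty outline and for a malformed one whose `n_points` is non-zero while `points` is NULL, and nothing in the hunk records that the check exists to keep the end-pointer computation further down from doing NULL + 0. A one-line comment would stop the next reader from treating it as a redundant NULL check: `/* `points' may be NULL for an empty outline; bail before computing `limit' */`. FT_Outline_Transform's signature and the line that derives `limit` from `vec` and `n_points` lie outside the hunk, so the reason for the guard is taken from the commit message. If sibling routines in this file derive their end pointer the same way, they presumably need the same treatment.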
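Review bot: The `FT_OFFSET( dict, dict_len )` limit passed to `cff_parser_run` yields a NULL end pointer whenever `dict` is NULL, so a NULL `dict` paired with a non-zero `dict_len` is now parsed as an empty top dictionary rather than reported; if that pairing can reach this call it deserves an explicit check before the call instead of being absorbed by the macro. The intent should at least be recorded next to the call so the macro is not "simplified" back to plain addition later: `/* `dict' may be NULL when the dictionary is empty; FT_OFFSET avoids NULL + 0 */`. cff_subfont_load's body starts and ends outside the hunk, so whether `dict` can be NULL with a positive length is inferred from the commit message, not visible here.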
diff --git a/src/psaux/psft.c b/src/psaux/psft.c
index 54be46834..a823ac800 100644
--- a/src/psaux/psft.c
+++ b/src/psaux/psft.c
@@ -313,9 +313,12 @@
 FT_Error error = FT_Err_Ok;
 CF2_Font font;
- FT_Bool is_t1 = decoder->builder.is_t1;
+ FT_Bool is_t1 = decoder->builder.is_t1;
+ if ( !charstring_base || !charstring_len )
+ return FT_ERR( Invalid_File_Format );
+
 FT_ASSERT( decoder && ( is_t1 || decoder->cff ) );
diff --git a/src/sfnt/ttload.c b/src/sfnt/ttload.c
index 15b01a800..cf5392465 100644
--- a/src/sfnt/ttload.c
+++ b/src/sfnt/ttload.c
@@ -924,7 +924,7 @@
 /* load language tags */
 {
 TT_LangTag entry = table->langTags;
- TT_LangTag limit = entry + table->numLangTagRecords;
+ TT_LangTag limit = FT_OFFSET( entry, table->numLangTagRecords );
 for ( ; entry < limit; entry++ )
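Review bot: The new early return at `if ( !charstring_base || !charstring_len )` is placed after `is_t1 = decoder->builder.is_t1` has already dereferenced `decoder` and before the `FT_ASSERT( decoder && ... )` that is meant to validate it, so the assertion now guards neither statement; the ordering predates this commit, but adding a second statement ahead of the assert makes it worth moving the `decoder` check to the top of the function. The error code also deserves a second look: this is a per-glyph charstring decoder, and FreeType commonly reports a malformed charstring as `FT_ERR( Invalid_Glyph_Format )`, so `return FT_ERR( Invalid_Glyph_Format );` may be the more specific choice than `Invalid_File_Format`. A short comment on the guard would record why it exists, e.g. `/* empty charstring: avoid NULL + 0 when the end pointer is computed below */`. cf2_decoder_parse_substrings' signature and the remainder of its body are outside the hunk.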
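Review bot: With `limit = FT_OFFSET( entry, table->numLangTagRecords )`, a NULL `table->langTags` makes `limit` NULL too, so the `for ( ; entry < limit; entry++ )` loop below quietly runs zero times even if `numLangTagRecords` is positive, and a relational comparison of two null pointers is itself outside what C's `<` operator defines. Guarding the block instead, `if ( table->langTags )` before the opening brace, would make the empty case explicit and avoid the comparison altogether; whether the count can be positive while the array is NULL depends on the allocation code outside the hunk. Either way a comment such as `/* `langTags' is NULL when there are no language tags */` would document the assumption. tt_face_load_name's body continues on both sides of the hunk.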