[freetype2] master a3cfed5: Fix pointer underflow.

freetype-commit

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[freetype2] master a3cfed5: Fix pointer underflow.

From:	Armin
Subject:	[freetype2] master a3cfed5: Fix pointer underflow.
Date:	Wed, 30 May 2018 06:38:27 -0400 (EDT)

branch: master
commit a3cfed5e87232c933bdc64f43e8ebebcfd18b41b
Author: Armin Hasitzka <address@hidden>
Commit: Armin Hasitzka <address@hidden>

    Fix pointer underflow.
    
    The declaration of `edge2' can be reached with `edge1 == NULL' and
    `axis->edges == 0' which results in undefined behaviour.
    
    * src/autofit/afloader.c (af_loader_load_glyph): Initialise `edge2'
    after checking `axis->num_edges > 1'.  `edge1 != NULL' can be assumed.
---
 ChangeLog              | 10 ++++++++++
 src/autofit/afloader.c |  7 ++++---
 2 files changed, 14 insertions(+), 3 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 3d8fc5c..f3ea117 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,13 @@
+2018-05-30  Armin Hasitzka  <address@hidden>
+
+       Fix pointer underflow.
+
+       The declaration of `edge2' can be reached with `edge1 == NULL' and
+       `axis->edges == 0' which results in undefined behaviour.
+
+       * src/autofit/afloader.c (af_loader_load_glyph): Initialise `edge2'
+       after checking `axis->num_edges > 1'.  `edge1 != NULL' can be assumed.
+
 2018-05-30  Werner Lemberg  <address@hidden>
 
        Various minor color fixes.
diff --git a/src/autofit/afloader.c b/src/autofit/afloader.c
index 0a0ec5b..5cef7c1 100644
--- a/src/autofit/afloader.c
+++ b/src/autofit/afloader.c
@@ -434,13 +434,14 @@
         FT_Pos  pp1x_uh, pp2x_uh;
 
         AF_AxisHints  axis  = &hints->axis[AF_DIMENSION_HORZ];
-        AF_Edge       edge1 = axis->edges;         /* leftmost edge  */
-        AF_Edge       edge2 = edge1 +
-                              axis->num_edges - 1; /* rightmost edge */
+        AF_Edge       edge1 = axis->edges; /* leftmost edge  */
+        AF_Edge       edge2;               /* rightmost edge */
 
 
         if ( axis->num_edges > 1 && AF_HINTS_DO_ADVANCE( hints ) )
         {
+          edge2 = edge1 + axis->num_edges - 1;
+
           old_rsb = loader->pp2.x - edge2->opos;
           /* loader->pp1.x is always zero at this point of time */
           old_lsb = edge1->opos /* - loader->pp1.x */;

[Prev in Thread]

Current Thread

[Next in Thread]

[freetype2] master a3cfed5: Fix pointer underflow., Armin <=

Prev by Date: [freetype2] master ae2cd1b: Various minor color fixes.
Next by Date: [freetype2] master d45d4b9: Beautify a3cfed5e87232c933bdc64f43e8ebebcfd18b41b.
Previous by thread: [freetype2] master ae2cd1b: Various minor color fixes.
Next by thread: [freetype2] master d45d4b9: Beautify a3cfed5e87232c933bdc64f43e8ebebcfd18b41b.
Index(es):
- Date
- Thread