author | Stephan Bergmann <sbergman@redhat.com> | 2017-06-07 15:32:30 +0200 |
---|---|---|
committer | Stephan Bergmann <sbergman@redhat.com> | 2017-06-07 15:44:50 +0200 |
commit | 681b4a49d797996229513d3e842d2a431030730a (patch) | |
tree | 04da639ee9f7c6c9bce4607ac9cdcb605530d8e5 /external/graphite | |
parent | 88d3c067831dac8cf69ebaa079f1d809d727a342 (diff) |
external/graphite: Avoid -fsanitize=pointer-overflow
...that was recently introduced into Clang trunk with
<https://reviews.llvm.org/D33305> "[ubsan] Add a check for pointer overflow UB".
Here, _code is of type instr*, dist is of type ptrdiff_t, and sizeof(instr) is
something like 8. My first impulse was to cast the result of the division (done
with arguments promoted to size_t) back to ptrdiff_t, but that wouldn't help:
When dist is a relatively small negative number (like
-3293184), the division expression will promote it to a large unsigned (size_t)
value (like 0xFFFF'FFFF'FFCD'C000), but the result (in our case,
0x1FFF'FFFF'FFF9'B800) would be small enough to fit into ptrdiff_t as a positive
value. So assume that sizeof(instr) fits into int and ensure the division is
done on signed values.
(At least CppunitTest_sc_subsequent_filters_test started to fail with
"workdir/UnpackedTarball/graphite/src/inc/Code.h:165:15: runtime error: pointer
index expression with base 0x7fb90a3b4df0 overflowed to 0x7fb90a0a0df0".)
Change-Id: Ie6698e38d6abec80f2fa817c42ebf20618496109
Diffstat (limited to 'external/graphite')
-rw-r--r-- | external/graphite/ubsan.patch | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/external/graphite/ubsan.patch b/external/graphite/ubsan.patch index 2f3bf5e7baf6..53585cf72628 100644 --- a/external/graphite/ubsan.patch +++ b/external/graphite/ubsan.patch @@ -38,3 +38,14 @@ } +--- src/inc/Code.h ++++ src/inc/Code.h +@@ -162,7 +162,7 @@ + { + if (_code && !_own) + { +- _code += dist / sizeof(instr); ++ _code += dist / int(sizeof(instr)); + _data += dist; + } + } |
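Review bot: On the changed line `_code += dist / int(sizeof(instr));`, the cast is the whole fix, but nothing in the code says why it is there, so a later cleanup could drop it as redundant and bring back the unsigned division. A one-line comment stating that dist can be negative and the division must stay signed would prevent that. Since the commit message gives dist as ptrdiff_t, writing `ptrdiff_t(sizeof(instr))` would keep the division signed without relying on the stated assumption that sizeof(instr) fits into int. Signed division also truncates toward zero, so if dist is ever not a multiple of sizeof(instr), _code would move by a rounded element count while `_data += dist;` moves by the exact amount; if callers guarantee a multiple, an assertion next to this line would record that.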