diff options
| author | Stephan Bergmann <sbergman@redhat.com> | 2019-05-29 18:31:57 +0200 |
|---|---|---|
| committer | Stephan Bergmann <sbergman@redhat.com> | 2019-05-29 21:42:24 +0200 |
| commit | 4c707b78a705d6cc74061433cd01175283fabb2e (patch) | |
| tree | 9a0b2afe00a2fed581591c83b0825d39f00f50e6 /external/libcdr | |
| parent | c7ece07d2e1b478bf25a976618e9bc5e5bc1a144 (diff) | |
external/libcdr: Avoid UB converting from double to int via unsigned
Opening cdr/fdo53278-4.cdr as obtained by
bin/get-bugzilla-attachments-by-mimetype (i.e., the attachment at
<https://bugs.documentfoundation.org/show_bug.cgi?id=53278#c14>) under
-fsanitize=undefined causes
> CDRPath.cpp:821:34: runtime error: -173.908 is outside the range of representable values of type 'unsigned int'
> #0 in libcdr::CDRPath::writeOut(librevenge::RVNGString&, librevenge::RVNGString&, double&) const at workdir/UnpackedTarball/libcdr/src/lib/CDRPath.cpp:821:34 (instdir/program/../program/libwpftdrawlo.so +0x2380015)
> #1 in libcdr::CDRContentCollector::_lineProperties(librevenge::RVNGPropertyList&) at workdir/UnpackedTarball/libcdr/src/lib/CDRContentCollector.cpp:1118:17 (instdir/program/../program/libwpftdrawlo.so +0x2090b54)
> #2 in libcdr::CDRContentCollector::_flushCurrentPath() at workdir/UnpackedTarball/libcdr/src/lib/CDRContentCollector.cpp:240:5 (instdir/program/../program/libwpftdrawlo.so +0x2070a9e)
> #3 in libcdr::CDRContentCollector::collectLevel(unsigned int) at workdir/UnpackedTarball/libcdr/src/lib/CDRContentCollector.cpp:563:5 (instdir/program/../program/libwpftdrawlo.so +0x209243d)
> #4 in libcdr::CDRParser::parseRecord(librevenge::RVNGInputStream*, std::vector<unsigned int, std::allocator<unsigned int> > const&, unsigned int) at workdir/UnpackedTarball/libcdr/src/lib/CDRParser.cpp:514:18 (instdir/program/../program/libwpftdrawlo.so +0x213bdff)
> #5 in libcdr::CDRParser::parseRecords(librevenge::RVNGInputStream*, std::vector<unsigned int, std::allocator<unsigned int> > const&, unsigned int) at workdir/UnpackedTarball/libcdr/src/lib/CDRParser.cpp:500:10 (instdir/program/../program/libwpftdrawlo.so +0x213b93f)
[...]
Change-Id: Ie73965851102689ebb7895d61edb3d32ff47c60c
Reviewed-on: https://gerrit.libreoffice.org/73181
Tested-by: Jenkins
Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
Diffstat (limited to 'external/libcdr')
| -rw-r--r-- | external/libcdr/UnpackedTarball_libcdr.mk | 5 | ||||
| -rw-r--r-- | external/libcdr/ubsan.patch | 64 |
2 files changed, 68 insertions, 1 deletions
diff --git a/external/libcdr/UnpackedTarball_libcdr.mk b/external/libcdr/UnpackedTarball_libcdr.mk index 0c61c5962385..d53ea59e2bf6 100644 --- a/external/libcdr/UnpackedTarball_libcdr.mk +++ b/external/libcdr/UnpackedTarball_libcdr.mk @@ -16,10 +16,13 @@ $(eval $(call gb_UnpackedTarball_set_patchlevel,libcdr,0)) $(eval $(call gb_UnpackedTarball_update_autoconf_configs,libcdr)) # * external/libcdr/0001-Add-missing-include.patch.1 is from upstream master (see content for -# details): +# details); +# * external/libcdr/ubsan.patch is upstream at <https://gerrit.libreoffice.org/#/c/73182/> "Avoid UB +# converting from double to int via unsigned": $(eval $(call gb_UnpackedTarball_add_patches,libcdr, \ external/libcdr/libcdr-visibility-win.patch \ external/libcdr/0001-Add-missing-include.patch.1 \ + external/libcdr/ubsan.patch \ )) ifeq ($(NEED_CLANG_LINUX_UBSAN_RTTI_VISIBILITY),TRUE) diff --git a/external/libcdr/ubsan.patch b/external/libcdr/ubsan.patch new file mode 100644 index 000000000000..316c47a45ab9 --- /dev/null +++ b/external/libcdr/ubsan.patch @@ -0,0 +1,64 @@ +--- src/lib/CDRPath.cpp ++++ src/lib/CDRPath.cpp +@@ -796,7 +796,7 @@ void CDRPath::writeOut(librevenge::RVNGString &path, librevenge::RVNGString &vie + + + width = qy - py; +- viewBox.sprintf("%i %i %i %i", 0, 0, (unsigned)(2540*(qx - px)), (unsigned)(2540*(qy - py))); ++ viewBox.sprintf("%i %i %i %i", 0, 0, (int)(2540*(qx - px)), (int)(2540*(qy - py))); + + for (unsigned i = 0; i < vec.count(); ++i) + { +@@ -804,38 +804,38 @@ void CDRPath::writeOut(librevenge::RVNGString &path, librevenge::RVNGString &vie + if (vec[i]["librevenge:path-action"]->getStr() == "M") + { + // 2540 is 2.54*1000, 2.54 in = 1 inch +- sElement.sprintf("M%i %i", (unsigned)((vec[i]["svg:x"]->getDouble()-px)*2540), +- (unsigned)((vec[i]["svg:y"]->getDouble()-py)*2540)); ++ sElement.sprintf("M%i %i", (int)((vec[i]["svg:x"]->getDouble()-px)*2540), ++ (int)((vec[i]["svg:y"]->getDouble()-py)*2540)); + path.append(sElement); + } + else if (vec[i]["librevenge:path-action"]->getStr() == "L") + { +- sElement.sprintf("L%i %i", (unsigned)((vec[i]["svg:x"]->getDouble()-px)*2540), +- (unsigned)((vec[i]["svg:y"]->getDouble()-py)*2540)); ++ sElement.sprintf("L%i %i", (int)((vec[i]["svg:x"]->getDouble()-px)*2540), ++ (int)((vec[i]["svg:y"]->getDouble()-py)*2540)); + path.append(sElement); + } + else if (vec[i]["librevenge:path-action"]->getStr() == "C") + { +- sElement.sprintf("C%i %i %i %i %i %i", (unsigned)((vec[i]["svg:x1"]->getDouble()-px)*2540), +- (unsigned)((vec[i]["svg:y1"]->getDouble()-py)*2540), (unsigned)((vec[i]["svg:x2"]->getDouble()-px)*2540), +- (unsigned)((vec[i]["svg:y2"]->getDouble()-py)*2540), (unsigned)((vec[i]["svg:x"]->getDouble()-px)*2540), +- (unsigned)((vec[i]["svg:y"]->getDouble()-py)*2540)); ++ sElement.sprintf("C%i %i %i %i %i %i", (int)((vec[i]["svg:x1"]->getDouble()-px)*2540), ++ (int)((vec[i]["svg:y1"]->getDouble()-py)*2540), (int)((vec[i]["svg:x2"]->getDouble()-px)*2540), ++ (int)((vec[i]["svg:y2"]->getDouble()-py)*2540), (int)((vec[i]["svg:x"]->getDouble()-px)*2540), ++ (int)((vec[i]["svg:y"]->getDouble()-py)*2540)); + path.append(sElement); + } + else if (vec[i]["librevenge:path-action"]->getStr() == "Q") + { +- sElement.sprintf("Q%i %i %i %i", (unsigned)((vec[i]["svg:x1"]->getDouble()-px)*2540), +- (unsigned)((vec[i]["svg:y1"]->getDouble()-py)*2540), (unsigned)((vec[i]["svg:x"]->getDouble()-px)*2540), +- (unsigned)((vec[i]["svg:y"]->getDouble()-py)*2540)); ++ sElement.sprintf("Q%i %i %i %i", (int)((vec[i]["svg:x1"]->getDouble()-px)*2540), ++ (int)((vec[i]["svg:y1"]->getDouble()-py)*2540), (int)((vec[i]["svg:x"]->getDouble()-px)*2540), ++ (int)((vec[i]["svg:y"]->getDouble()-py)*2540)); + path.append(sElement); + } + else if (vec[i]["librevenge:path-action"]->getStr() == "A") + { +- sElement.sprintf("A%i %i %i %i %i %i %i", (unsigned)((vec[i]["svg:rx"]->getDouble())*2540), +- (unsigned)((vec[i]["svg:ry"]->getDouble())*2540), (vec[i]["librevenge:rotate"] ? vec[i]["librevenge:rotate"]->getInt() : 0), ++ sElement.sprintf("A%i %i %i %i %i %i %i", (int)((vec[i]["svg:rx"]->getDouble())*2540), ++ (int)((vec[i]["svg:ry"]->getDouble())*2540), (vec[i]["librevenge:rotate"] ? vec[i]["librevenge:rotate"]->getInt() : 0), + (vec[i]["librevenge:large-arc"] ? vec[i]["librevenge:large-arc"]->getInt() : 1), + (vec[i]["librevenge:sweep"] ? vec[i]["librevenge:sweep"]->getInt() : 1), +- (unsigned)((vec[i]["svg:x"]->getDouble()-px)*2540), (unsigned)((vec[i]["svg:y"]->getDouble()-py)*2540)); ++ (int)((vec[i]["svg:x"]->getDouble()-px)*2540), (int)((vec[i]["svg:y"]->getDouble()-py)*2540)); + path.append(sElement); + } + else if (vec[i]["librevenge:path-action"]->getStr() == "Z") |