From 681b4a49d797996229513d3e842d2a431030730a Mon Sep 17 00:00:00 2001 From: Stephan Bergmann Date: Wed, 7 Jun 2017 15:32:30 +0200 Subject: external/graphite: Avoid -fsanitize=pointer-overflow ...that was recently introduced into Clang trunk with "[ubsan] Add a check for pointer overflow UB". Here, _code is of type instr*, dist is of type ptrdiff_t, and sizeof(instr) is something like 8. My first impulse was to cast the result of the division (done with arguments promoted to size_t) back to ptrdiff_t, but that wouldn't help: When dist is a relatively small negative number (like -3293184), the division expression will promote it to a large unsigned (size_t) value (like 0xFFFF'FFFF'FFCD'C000), but the result (in our case, 0x1FFF'FFFF'FFF9'B800) would be small enough to fit into ptrdiff_t as a positive value. So assume that sizeof(instr) fits into int and ensure the division is done on signed values. (At least CppunitTest_sc_subsequent_filters_test started to fail with "workdir/UnpackedTarball/graphite/src/inc/Code.h:165:15: runtime error: pointer index expression with base 0x7fb90a3b4df0 overflowed to 0x7fb90a0a0df0".) Change-Id: Ie6698e38d6abec80f2fa817c42ebf20618496109 --- external/graphite/ubsan.patch | 11 +++++++++++ 1 file changed, 11 insertions(+) (limited to 'external') diff --git a/external/graphite/ubsan.patch b/external/graphite/ubsan.patch index 2f3bf5e7baf6..53585cf72628 100644 --- a/external/graphite/ubsan.patch +++ b/external/graphite/ubsan.patch @@ -38,3 +38,14 @@ } +--- src/inc/Code.h ++++ src/inc/Code.h +@@ -162,7 +162,7 @@ + { + if (_code && !_own) + { +- _code += dist / sizeof(instr); ++ _code += dist / int(sizeof(instr)); + _data += dist; + } + } -- cgit