office-gobmx/external/harfbuzz/ubsan.patch
Stephan Bergmann 91078f94b0 external/harfbuzz: Avoid UBSan nullptr-with-nonzero-offset
...(new with Clang 10 trunk), as seen during CppunitTest_emfio_emf:

> hb-ot-layout-gsubgpos.hh:390:20: runtime error: applying non-zero offset 2 to null pointer
>  #0 in OT::hb_ot_apply_context_t::skipping_iterator_t::next() at workdir/UnpackedTarball/harfbuzz/src/./hb-ot-layout-gsubgpos.hh:390:20
>  #1 in OT::PairPosFormat1::apply(OT::hb_ot_apply_context_t*) const at workdir/UnpackedTarball/harfbuzz/src/./hb-ot-layout-gpos-table.hh:910:22
>  #2 in bool OT::hb_get_subtables_context_t::apply_to<OT::PairPosFormat1>(void const*, OT::hb_ot_apply_context_t*) at workdir/UnpackedTarball/harfbuzz/src/./hb-ot-layout-gsubgpos.hh:625:23
>  #3 in OT::hb_get_subtables_context_t::hb_applicable_t::apply(OT::hb_ot_apply_context_t*) const at workdir/UnpackedTarball/harfbuzz/src/./hb-ot-layout-gsubgpos.hh:643:62
>  #4 in OT::hb_ot_layout_lookup_accelerator_t::apply(OT::hb_ot_apply_context_t*) const at workdir/UnpackedTarball/harfbuzz/src/./hb-ot-layout-gsubgpos.hh:2624:24
>  #5 in apply_forward(OT::hb_ot_apply_context_t*, OT::hb_ot_layout_lookup_accelerator_t const&) at workdir/UnpackedTarball/harfbuzz/src/hb-ot-layout.cc:1811:24
>  #6 in void apply_string<GPOSProxy>(OT::hb_ot_apply_context_t*, GPOSProxy::Lookup const&, OT::hb_ot_layout_lookup_accelerator_t const&) at workdir/UnpackedTarball/harfbuzz/src/hb-ot-layout.cc:1864:11
>  #7 in void hb_ot_map_t::apply<GPOSProxy>(GPOSProxy const&, hb_ot_shape_plan_t const*, hb_font_t*, hb_buffer_t*) const at workdir/UnpackedTarball/harfbuzz/src/hb-ot-layout.cc:1910:7
>  #8 in hb_ot_map_t::position(hb_ot_shape_plan_t const*, hb_font_t*, hb_buffer_t*) const at workdir/UnpackedTarball/harfbuzz/src/hb-ot-layout.cc:1933:3
>  #9 in hb_ot_shape_plan_t::position(hb_font_t*, hb_buffer_t*) const at workdir/UnpackedTarball/harfbuzz/src/hb-ot-shape.cc:266:9
>  #10 in hb_ot_position_complex(hb_ot_shape_context_t const*) at workdir/UnpackedTarball/harfbuzz/src/hb-ot-shape.cc:951:12
>  #11 in hb_ot_position(hb_ot_shape_context_t const*) at workdir/UnpackedTarball/harfbuzz/src/hb-ot-shape.cc:994:3
>  #12 in hb_ot_shape_internal(hb_ot_shape_context_t*) at workdir/UnpackedTarball/harfbuzz/src/hb-ot-shape.cc:1065:3
>  #13 in _hb_ot_shape at workdir/UnpackedTarball/harfbuzz/src/hb-ot-shape.cc:1088:3
>  #14 in hb_shape_plan_execute at workdir/UnpackedTarball/harfbuzz/src/./hb-shaper-list.hh:42:1
>  #15 in hb_shape_full at workdir/UnpackedTarball/harfbuzz/src/hb-shape.cc:139:19
>  #16 in GenericSalLayout::LayoutText(ImplLayoutArgs&, SalLayoutGlyphs const*) at vcl/source/gdi/CommonSalLayout.cxx:463:23
>  #17 in OutputDevice::ImplLayout(rtl::OUString const&, int, int, Point const&, long, long const*, SalLayoutFlags, vcl::TextLayoutCache const*, SalLayoutGlyphs const*) const at vcl/source/outdev/text.cxx:1312:36
>  #18 in OutputDevice::GetTextBoundRect(tools::Rectangle&, rtl::OUString const&, int, int, int, unsigned long, long const*, SalLayoutGlyphs const*) const at vcl/source/outdev/text.cxx:2334:18
>  #19 in drawinglayer::primitive2d::TextLayouterDevice::getTextBoundRect(rtl::OUString const&, unsigned int, unsigned int) const at drawinglayer/source/primitive2d/textlayoutdevice.cxx:297:26
>  #20 in drawinglayer::primitive2d::TextSimplePortionPrimitive2D::getB2DRange(drawinglayer::geometry::ViewInformation2D const&) const at drawinglayer/source/primitive2d/textprimitive2d.cxx:305:63
>  #21 in drawinglayer::primitive2d::getB2DRangeFromPrimitive2DReference(com::sun::uno::Reference<com::sun::graphic::XPrimitive2D> const&, drawinglayer::geometry::ViewInformation2D const&) at drawinglayer/source/primitive2d/baseprimitive2d.cxx:175:48
>  #22 in drawinglayer::primitive2d::Primitive2DContainer::getB2DRange(drawinglayer::geometry::ViewInformation2D const&) const at drawinglayer/source/primitive2d/baseprimitive2d.cxx:199:36
>  #23 in drawinglayer::primitive2d::MetafilePrimitive2D::create2DDecomposition(drawinglayer::primitive2d::Primitive2DContainer&, drawinglayer::geometry::ViewInformation2D const&) const at drawinglayer/source/primitive2d/metafileprimitive2d.cxx:51:67
>  #24 in drawinglayer::primitive2d::BufferedDecompositionPrimitive2D::get2DDecomposition(drawinglayer::primitive2d::Primitive2DDecompositionVisitor&, drawinglayer::geometry::ViewInformation2D const&) const at drawinglayer/source/primitive2d/baseprimitive2d.cxx:126:17
>  #25 in drawinglayer::tools::Primitive2dXmlDump::decomposeAndWrite(drawinglayer::primitive2d::Primitive2DContainer const&, tools::XmlWriter&) at drawinglayer/source/tools/primitive2dxmldump.cxx:332:38
>  #26 in drawinglayer::tools::Primitive2dXmlDump::dumpAndParse(drawinglayer::primitive2d::Primitive2DContainer const&, rtl::OUString const&) at drawinglayer/source/tools/primitive2dxmldump.cxx:130:5
>  #27 in (anonymous namespace)::Test::checkRectPrimitive(com::sun::uno::Sequence<com::sun::uno::Reference<com::sun::graphic::XPrimitive2D> > const&) at emfio/qa/cppunit/emf/EmfImportTest.cxx:80:34
>  #28 in (anonymous namespace)::Test::testWorking() at emfio/qa/cppunit/emf/EmfImportTest.cxx:94:5

and similarly during CppunitTest_vcl_complextext:

> hb-ot-layout-gsubgpos.hh:417:20: runtime error: applying non-zero offset 2 to null pointer
>  #0 in OT::hb_ot_apply_context_t::skipping_iterator_t::prev() at workdir/UnpackedTarball/harfbuzz/src/./hb-ot-layout-gsubgpos.hh:417:20
>  #1 in OT::MarkMarkPosFormat1::apply(OT::hb_ot_apply_context_t*) const at workdir/UnpackedTarball/harfbuzz/src/./hb-ot-layout-gpos-table.hh:1541:22
>  #2 in bool OT::hb_get_subtables_context_t::apply_to<OT::MarkMarkPosFormat1>(void const*, OT::hb_ot_apply_context_t*) at workdir/UnpackedTarball/harfbuzz/src/./hb-ot-layout-gsubgpos.hh:625:23
>  #3 in OT::hb_get_subtables_context_t::hb_applicable_t::apply(OT::hb_ot_apply_context_t*) const at workdir/UnpackedTarball/harfbuzz/src/./hb-ot-layout-gsubgpos.hh:643:62
>  #4 in OT::hb_ot_layout_lookup_accelerator_t::apply(OT::hb_ot_apply_context_t*) const at workdir/UnpackedTarball/harfbuzz/src/./hb-ot-layout-gsubgpos.hh:2624:24
>  #5 in apply_forward(OT::hb_ot_apply_context_t*, OT::hb_ot_layout_lookup_accelerator_t const&) at workdir/UnpackedTarball/harfbuzz/src/hb-ot-layout.cc:1811:24
>  #6 in void apply_string<GPOSProxy>(OT::hb_ot_apply_context_t*, GPOSProxy::Lookup const&, OT::hb_ot_layout_lookup_accelerator_t const&) at workdir/UnpackedTarball/harfbuzz/src/hb-ot-layout.cc:1864:11
>  #7 in void hb_ot_map_t::apply<GPOSProxy>(GPOSProxy const&, hb_ot_shape_plan_t const*, hb_font_t*, hb_buffer_t*) const at workdir/UnpackedTarball/harfbuzz/src/hb-ot-layout.cc:1910:7
>  #8 in hb_ot_map_t::position(hb_ot_shape_plan_t const*, hb_font_t*, hb_buffer_t*) const at workdir/UnpackedTarball/harfbuzz/src/hb-ot-layout.cc:1933:3
>  #9 in hb_ot_shape_plan_t::position(hb_font_t*, hb_buffer_t*) const at workdir/UnpackedTarball/harfbuzz/src/hb-ot-shape.cc:266:9
>  #10 in hb_ot_position_complex(hb_ot_shape_context_t const*) at workdir/UnpackedTarball/harfbuzz/src/hb-ot-shape.cc:951:12
>  #11 in hb_ot_position(hb_ot_shape_context_t const*) at workdir/UnpackedTarball/harfbuzz/src/hb-ot-shape.cc:994:3
>  #12 in hb_ot_shape_internal(hb_ot_shape_context_t*) at workdir/UnpackedTarball/harfbuzz/src/hb-ot-shape.cc:1065:3
>  #13 in _hb_ot_shape at workdir/UnpackedTarball/harfbuzz/src/hb-ot-shape.cc:1088:3
>  #14 in hb_shape_plan_execute at workdir/UnpackedTarball/harfbuzz/src/./hb-shaper-list.hh:42:1
>  #15 in hb_shape_full at workdir/UnpackedTarball/harfbuzz/src/hb-shape.cc:139:19
>  #16 in GenericSalLayout::LayoutText(ImplLayoutArgs&, SalLayoutGlyphs const*) at vcl/source/gdi/CommonSalLayout.cxx:463:23
>  #17 in OutputDevice::ImplLayout(rtl::OUString const&, int, int, Point const&, long, long const*, SalLayoutFlags, vcl::TextLayoutCache const*, SalLayoutGlyphs const*) const at vcl/source/outdev/text.cxx:1312:36
>  #18 in OutputDevice::GetTextArray(rtl::OUString const&, long*, int, int, vcl::TextLayoutCache const*, SalLayoutGlyphs const*) const at vcl/source/outdev/text.cxx:961:45
>  #19 in VclComplexTextTest::testArabic() at vcl/qa/cppunit/complextext.cxx:81:32

I have no idea whether this even remotely resembles a useful fix, though.

Change-Id: I7671b84374cf119e173406bc60f6631a64dfc794
Reviewed-on: https://gerrit.libreoffice.org/81400
Tested-by: Jenkins
Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
2019-10-23 20:01:50 +02:00


--- src/hb-ot-layout-gsubgpos.hh
+++ src/hb-ot-layout-gsubgpos.hh
@@ -387,7 +387,7 @@
skip == matcher_t::SKIP_NO))
{
num_items--;
- match_glyph_data++;
+ if (match_glyph_data != nullptr) match_glyph_data++;
return true;
}
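Review bot: The added null check on `match_glyph_data++` silences the UBSan report but leaves the invariant it relies on undocumented, so the next reader cannot tell whether a null `match_glyph_data` is a legitimate "no per-glyph data" state or a bug being papered over. I would put a one-line comment above the guard: `// match_glyph_data is nullptr when the matcher carries no per-glyph data; pointer arithmetic on a null pointer is UB (UBSan nullptr-with-nonzero-offset) even if the result is never dereferenced, so skip the increment.` The change is only behaviour-preserving if nothing dereferences `match_glyph_data` after a null-pointer iterator has advanced; the PairPosFormat1 trace in the description suggests that is the case here, but it is not visible in the hunk and should be confirmed against the matcher code. The enclosing `skipping_iterator_t::next()` starts and ends outside the hunk.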
@@ -414,7 +414,7 @@
skip == matcher_t::SKIP_NO))
{
num_items--;
- match_glyph_data++;
+ if (match_glyph_data != nullptr) match_glyph_data++;
return true;
}
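Review bot: This hunk duplicates the guard from `next()` in `prev()` without a comment, so the two sites can drift apart; the same explanatory comment belongs here, or both increments could go through one small helper such as `if (match_glyph_data) match_glyph_data++;` factored into the iterator. Note that the patch only covers these two increment sites; if any other member of `skipping_iterator_t` (for example a reset or reject path, which is not visible in this chunk) also offsets `match_glyph_data`, the same UBSan diagnostic will fire there and should be checked with the same sanitizer build. The enclosing `skipping_iterator_t::prev()` starts and ends outside the hunk.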