external/harfbuzz/UnpackedTarball_harfbuzz.mk | 3 ++- external/harfbuzz/ubsan.patch | 11 +++++++++++ 2 files changed, 13 insertions(+), 1 deletion(-)
New commits: commit 2c26112912d8cad961c2eedaabe3d551ac1f2acb Author: Stephan Bergmann <stephan.bergm...@collabora.com> AuthorDate: Fri Aug 22 08:36:25 2025 +0200 Commit: Stephan Bergmann <stephan.bergm...@collabora.com> CommitDate: Fri Aug 22 12:31:03 2025 +0200 external/harfbuzz: Avoid UBSan nullptr-with-nonzero-offset ...as seen during CppunitTest_vcl_lifecycle, > ../src/hb-vector.hh:447:33: runtime error: applying non-zero offset 18446744073709551264 to null pointer > #0 0x7ffb5ab18a06 in hb_vector_t<AAT::kern_subtable_accelerator_data_t, false>::shrink_vector(unsigned int) /workdir/UnpackedTarball/harfbuzz/builddir/../src/hb-vector.hh:447:33 > #1 0x7ffb5ab1e1ba in hb_vector_t<AAT::kern_subtable_accelerator_data_t, false>::fini() /workdir/UnpackedTarball/harfbuzz/builddir/../src/hb-vector.hh:163:5 > #2 0x7ffb5ab1e168 in hb_vector_t<AAT::kern_subtable_accelerator_data_t, false>::~hb_vector_t() /workdir/UnpackedTarball/harfbuzz/builddir/../src/hb-vector.hh:85:21 > #3 0x7ffb5ab00c45 in AAT::kern_accelerator_data_t::~kern_accelerator_data_t() /workdir/UnpackedTarball/harfbuzz/builddir/../src/hb-aat-layout-kerx-table.hh:931:8 > #4 0x7ffb5ab0039b in AAT::KerxTable<AAT::kerx>::accelerator_t::accelerator_t(hb_face_t*) /workdir/UnpackedTarball/harfbuzz/builddir/../src/hb-aat-layout-kerx-table.hh:1151:7 > #5 0x7ffb5ab000cc in AAT::kerx_accelerator_t::kerx_accelerator_t(hb_face_t*) /workdir/UnpackedTarball/harfbuzz/builddir/../src/hb-aat-layout-kerx-table.hh:1198:42 > #6 0x7ffb5ab00022 in hb_lazy_loader_t<AAT::kerx_accelerator_t, hb_face_lazy_loader_t<AAT::kerx_accelerator_t, 30u>, hb_face_t, 30u, AAT::kerx_accelerator_t>::create(hb_face_t*) /workdir/UnpackedTarball/harfbuzz/builddir/../src/hb-machinery.hh:266:19 > #7 0x7ffb5aaffd4e in AAT::kerx_accelerator_t* hb_data_wrapper_t<hb_face_t, 30u>::call_create<AAT::kerx_accelerator_t, hb_face_lazy_loader_t<AAT::kerx_accelerator_t, 30u> >() const /workdir/UnpackedTarball/harfbuzz/builddir/../src/hb-machinery.hh:166:42 > #8 
0x7ffb5aaffa54 in hb_lazy_loader_t<AAT::kerx_accelerator_t, hb_face_lazy_loader_t<AAT::kerx_accelerator_t, 30u>, hb_face_t, 30u, AAT::kerx_accelerator_t>::get_stored() const /workdir/UnpackedTarball/harfbuzz/builddir/../src/hb-machinery.hh:229:26 > #9 0x7ffb5aaff918 in hb_lazy_loader_t<AAT::kerx_accelerator_t, hb_face_lazy_loader_t<AAT::kerx_accelerator_t, 30u>, hb_face_t, 30u, AAT::kerx_accelerator_t>::get() const /workdir/UnpackedTarball/harfbuzz/builddir/../src/hb-machinery.hh:253:58 > #10 0x7ffb5a9d3a78 in hb_lazy_loader_t<AAT::kerx_accelerator_t, hb_face_lazy_loader_t<AAT::kerx_accelerator_t, 30u>, hb_face_t, 30u, AAT::kerx_accelerator_t>::operator->() const /workdir/UnpackedTarball/harfbuzz/builddir/../src/hb-machinery.hh:213:50 > #11 0x7ffb5a9bc608 in hb_aat_layout_has_positioning /workdir/UnpackedTarball/harfbuzz/builddir/../src/hb-aat-layout.cc:359:10 > #12 0x7ffb5b1169be in hb_ot_shape_planner_t::compile(hb_ot_shape_plan_t&, hb_ot_shape_plan_key_t const&) /workdir/UnpackedTarball/harfbuzz/builddir/../src/hb-ot-shape.cc:158:19 > #13 0x7ffb5b117ffc in hb_ot_shape_plan_t::init0(hb_face_t*, hb_shape_plan_key_t const*) /workdir/UnpackedTarball/harfbuzz/builddir/../src/hb-ot-shape.cc:239:11 > #14 0x7ffb5b19307b in hb_shape_plan_create2 /workdir/UnpackedTarball/harfbuzz/builddir/../src/hb-shape-plan.cc:261:7 > #15 0x7ffb5b1954bd in hb_shape_plan_create_cached2 /workdir/UnpackedTarball/harfbuzz/builddir/../src/hb-shape-plan.cc:554:33 > #16 0x7ffb5b199535 in hb_shape_full /workdir/UnpackedTarball/harfbuzz/builddir/../src/hb-shape.cc:145:33 > #17 0x7ffb57ffa071 in GenericSalLayout::LayoutText(vcl::text::ImplLayoutArgs&, SalLayoutGlyphsImpl const*) /vcl/source/gdi/CommonSalLayout.cxx:606:23 > #18 0x7ffb56c08519 in OutputDevice::ImplLayout(rtl::OUString const&, int, int, Point const&, long, std::span<double const, 18446744073709551615ul>, std::span<unsigned char const, 18446744073709551615ul>, SalLayoutFlags, vcl::text::TextLayoutCache const*, SalLayoutGlyphs const*, 
std::optional<int>, std::optional<int>, std::optional<int>) const /vcl/source/outdev/text.cxx:1259:36 > #19 0x7ffb56c0fafb in OutputDevice::GetPartialTextArray(rtl::OUString const&, std::__debug::vector<double, std::allocator<double> >*, int, int, int, int, bool, vcl::text::TextLayoutCache const*, SalLayoutGlyphs const*, std::optional<tools::Rectangle>*) const /vcl/source/outdev/text.cxx:791:22 > #20 0x7ffb56c0a375 in OutputDevice::GetTextArray(rtl::OUString const&, std::__debug::vector<double, std::allocator<double> >*, int, int, bool, vcl::text::TextLayoutCache const*, SalLayoutGlyphs const*, std::optional<tools::Rectangle>*) const /vcl/source/outdev/text.cxx:760:12 > #21 0x7ffb56c0a1b0 in OutputDevice::GetTextWidthDouble(rtl::OUString const&, int, int, vcl::text::TextLayoutCache const*, SalLayoutGlyphs const*) const /vcl/source/outdev/text.cxx:632:12 > #22 0x7ffb56c0a058 in OutputDevice::GetTextWidth(rtl::OUString const&, int, int, vcl::text::TextLayoutCache const*, SalLayoutGlyphs const*) const /vcl/source/outdev/text.cxx:624:21 > #23 0x7ffb5943b739 in FontMetricData::ImplInitTextLineSize(OutputDevice const*) /vcl/source/font/fontmetric.cxx:262:30 > #24 0x7ffb56baf404 in OutputDevice::ImplNewFont() const /vcl/source/outdev/font.cxx:741:38 > #25 0x7ffb56ba1d10 in OutputDevice::InitFont() const /vcl/source/outdev/font.cxx:644:10 > #26 0x7ffb56c0a463 in OutputDevice::GetTextHeight() const /vcl/source/outdev/text.cxx:637:10 > #27 0x7ffb55ea641c in vcl::Window::GetTextHeight() const /vcl/source/window/window3.cxx:66:65 > #28 0x7ffb55ee73fc in vcl::Window::ImplInitAppFontData(vcl::Window const*) /vcl/source/window/window.cxx:1185:40 > #29 0x7ffb55ebd975 in vcl::Window::ImplInit(vcl::Window*, long, SystemParentData*) /vcl/source/window/window.cxx:1179:9 > #30 0x7ffb5604436f in PushButton::ImplInit(vcl::Window*, long) /vcl/source/control/button.cxx:684:13 > #31 0x7ffb56054dce in PushButton::PushButton(vcl::Window*, long) /vcl/source/control/button.cxx:1267:5 > #32 
0x7ffb31a7b56a in ScopedVclPtrInstance<PushButton>::ScopedVclPtrInstance<std::nullptr_t, int>(std::nullptr_t&&, int&&) /include/vcl/vclptr.hxx:361:45 > #33 0x7ffb31a4ee34 in LifecycleTest::testCast() /vcl/qa/cppunit/lifecycle.cxx:57:40 (<https://ci.libreoffice.org//job/lo_ubsan/3658/>) Change-Id: I00d0b9524042641170d6d2e9933a0f71fc6a6e60 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/190045 Tested-by: Jenkins Reviewed-by: Stephan Bergmann <stephan.bergm...@collabora.com>
diff --git a/external/harfbuzz/UnpackedTarball_harfbuzz.mk b/external/harfbuzz/UnpackedTarball_harfbuzz.mk
index dba3442cfb88..91873292619d 100644
--- a/external/harfbuzz/UnpackedTarball_harfbuzz.mk
+++ b/external/harfbuzz/UnpackedTarball_harfbuzz.mk
@@ -13,10 +13,11 @@ $(eval $(call gb_UnpackedTarball_set_tarball,harfbuzz,$(HARFBUZZ_TARBALL),,harfb
 $(eval $(call gb_UnpackedTarball_update_autoconf_configs,harfbuzz))
-$(eval $(call gb_UnpackedTarball_set_patchlevel,harfbuzz,1))
+$(eval $(call gb_UnpackedTarball_set_patchlevel,harfbuzz,0))
 $(eval $(call gb_UnpackedTarball_add_patches,harfbuzz, \
 external/harfbuzz/harfbuzz_visibility.patch.1 \
+ external/harfbuzz/ubsan.patch \
 ))
 # meson will replace python3 from shebang in build commands with the
diff --git a/external/harfbuzz/ubsan.patch b/external/harfbuzz/ubsan.patch
new file mode 100644
index 000000000000..edc8ac49bbb3
--- /dev/null
+++ b/external/harfbuzz/ubsan.patch
@@ -0,0 +1,11 @@
+--- src/hb-vector.hh
++++ src/hb-vector.hh
+@@ -444,7 +444,7 @@
+ if (!std::is_trivially_destructible<Type>::value)
+ {
+ unsigned count = length - size;
+- Type *p = arrayZ + length - 1;
++ Type *p = count == 0 ? nullptr : arrayZ + length - 1;
+ while (count--)
+ p--->~Type ();
+ }
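Review bot: In the `UnpackedTarball_harfbuzz.mk` hunk, switching `gb_UnpackedTarball_set_patchlevel` from 1 to 0 changes the default strip level for every unsuffixed patch in this list, and nothing next to the line says why. The existing `harfbuzz_visibility.patch.1` presumably keeps applying at level 1 through its `.1` suffix, but that relies on gbuild's naming convention, which is not visible in the hunk. I would add a comment above the line, for example `# default -p0 for ubsan.patch; *.patch.1 entries keep their own level`, so that a later patch written with a/ and b/ prefixes does not fail to apply unexpectedly.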
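Review bot: In `external/harfbuzz/ubsan.patch`, the new initializer `count == 0 ? nullptr : arrayZ + length - 1` silences the null-plus-offset report, but the loop's post-decrement `p--` still leaves `p` one element before the range being destroyed. When shrinking to size 0 that is a pointer before the start of the array, which the language also disallows even though UBSan does not report it. Starting one past the end and pre-decrementing covers both cases without the ternary, since adding 0 to a null pointer is well defined: `Type *p = arrayZ + length;` followed by `while (count--) (--p)->~Type ();`. The enclosing function starts and ends outside the hunk, so whether `size <= length` is checked before `length - size` cannot be confirmed from here. The patch file also carries no header saying whether the fix was sent to upstream HarfBuzz, which makes it harder to know when it can be dropped on the next tarball update.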