Proposed quick patch attached.

On Thu, Nov 25, 2021 at 9:44 PM Michal Sudolsky <[email protected]> wrote:
> This function sometimes takes negative values, for example when
> contourCount is -1 (0xFFFF), which is UB: "For negative a, the behavior of
> a << b is undefined." Possible output from sanitizer:
>
> podofo/doc/PdfFontTTFSubset.cpp:73:18: runtime error: left shift of negative value -1
> SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior podofo/doc/PdfFontTTFSubset.cpp:73:18 in
>
> inline short Big2Little(short big)
> {
>     return ((big << 8) & 0xFF00) | ((big >> 8) & 0x00FF);
> }
>
> Called from here:
>
> GetData( ctx.ulGlyfTableOffset + ctx.glyphData.glyphAddress, &ctx.contourCount, __LENGTH_WORD);
> ctx.contourCount = Big2Little(ctx.contourCount);
> if (ctx.contourCount < 0) {
>     /* skip over numberOfContours, xMin, yMin, xMax and yMax */
>     LoadCompound(ctx, ctx.glyphData.glyphAddress + 5 * __LENGTH_WORD);
>
>
Attachment: patch.diff
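Added example, not the attached patch.diff (its contents are not shown on this page) and not PoDoFo code: one way to avoid the undefined shift reported above is to do the byte swap on an unsigned 16-bit value, or to decode the big-endian word straight from the table bytes. Swap16, Big2LittleSafe, ReadBE16, GlyphKind and ClassifyGlyph are hypothetical names, and a 16-bit two's-complement short is assumed.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstring>

static_assert(sizeof(short) == 2, "assumption: short is 16 bits wide");

// Swap the two bytes of an unsigned 16-bit value. Masking with an unsigned
// constant keeps the left shift in the unsigned domain, so no input is UB.
inline std::uint16_t Swap16(std::uint16_t v)
{
    return static_cast<std::uint16_t>(((v & 0x00FFu) << 8) | ((v >> 8) & 0x00FFu));
}

// Same signature as the quoted Big2Little; the bit pattern is copied into an
// unsigned value before swapping, so -1 (0xFFFF) never reaches operator<<.
inline short Big2LittleSafe(short big)
{
    std::uint16_t u;
    std::memcpy(&u, &big, sizeof u);
    u = Swap16(u);
    std::memcpy(&big, &u, sizeof big);
    return big;
}

// Host-endianness-independent alternative: decode a big-endian int16
// directly from the raw table bytes.
inline std::int16_t ReadBE16(const unsigned char* p)
{
    const std::uint16_t u = static_cast<std::uint16_t>((p[0] << 8) | p[1]);
    std::int16_t s;
    std::memcpy(&s, &u, sizeof s);
    return s;
}

enum class GlyphKind { Truncated, Simple, Compound };

// Classify the glyph whose header starts at `offset` in a glyf table buffer.
// The header is five 16-bit words: numberOfContours, xMin, yMin, xMax, yMax.
inline GlyphKind ClassifyGlyph(const unsigned char* glyf, std::size_t size, std::size_t offset)
{
    if (offset > size || size - offset < 5 * sizeof(std::uint16_t))
        return GlyphKind::Truncated;
    return ReadBE16(glyf + offset) < 0 ? GlyphKind::Compound : GlyphKind::Simple;
}
```

Building with -fsanitize=undefined and feeding a numberOfContours of 0xFFFF through either helper should produce no "left shift of negative value" report.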
