fofi/FoFiType1C.cc | 6 +++++- goo/GooCheckedOps.h | 49 +++++++++++++++++++++++++++++++++++++++++++++++++ goo/gmem.h | 21 ++++++--------------- 3 files changed, 60 insertions(+), 16 deletions(-)
New commits: commit 4244a048e55d7cce0caddc68b6bb21983e670bc4 Author: Adam Reichold <[email protected]> Date: Fri Aug 31 07:33:31 2018 +0200 Replace #pragma once by standard-supported include guards and add missing copyright preamble for new header. diff --git a/goo/GooCheckedOps.h b/goo/GooCheckedOps.h index 78401994..3da6b337 100644 --- a/goo/GooCheckedOps.h +++ b/goo/GooCheckedOps.h @@ -1,4 +1,15 @@ -#pragma once +//======================================================================== +// +// GooCheckedOps.h +// +// This file is licensed under the GPLv2 or later +// +// Copyright (C) 2018 Adam Reichold <[email protected]> +// +//======================================================================== + +#ifndef GOO_CHECKED_OPS_H +#define GOO_CHECKED_OPS_H #include <climits> @@ -34,3 +45,5 @@ inline bool checkedMultiply(int x, int y, int *z) { return checkedAssign(lz, z); #endif } + +#endif // GOO_CHECKED_OPS_H diff --git a/goo/gmem.h b/goo/gmem.h index f2b184eb..9b187c1d 100644 --- a/goo/gmem.h +++ b/goo/gmem.h @@ -23,7 +23,8 @@ // //======================================================================== -#pragma once +#ifndef GMEM_H +#define GMEM_H #include <cstring> #include <cstdlib> @@ -175,3 +176,5 @@ inline char *copyString(const char *s, size_t n) { r[n] = '\0'; return std::strncpy(r, s, n); } + +#endif // GMEM_H commit 5671d3acc6a723ac3cb63866e2f429e0f0075c68 Author: Adam Reichold <[email protected]> Date: Thu Aug 30 21:27:13 2018 +0200 Extend checked operations header with support for Clang in addition to checking for GCC version 5 or later. diff --git a/goo/GooCheckedOps.h b/goo/GooCheckedOps.h index a50152f8..78401994 100644 --- a/goo/GooCheckedOps.h +++ b/goo/GooCheckedOps.h @@ -13,8 +13,12 @@ inline bool checkedAssign(long long lz, int *z) { return false; } +#ifndef __has_builtin + #define __has_builtin(x) 0 +#endif + inline bool checkedAdd(int x, int y, int *z) { -#if __GNUC__ >= 5 +#if __GNUC__ >= 5 || __has_builtin(__builtin_sadd_overflow) return __builtin_sadd_overflow(x, y, z); #else const auto lz = static_cast<long long>(x) + static_cast<long long>(y); @@ -23,7 +27,7 @@ inline bool checkedAdd(int x, int y, int *z) { } inline bool checkedMultiply(int x, int y, int *z) { -#if __GNUC__ >= 5 +#if __GNUC__ >= 5 || __has_builtin(__builtin_smul_overflow) return __builtin_smul_overflow(x, y, z); #else const auto lz = static_cast<long long>(x) * static_cast<long long>(y); commit ed28a5612fc0bf8580ccd360ae086fc715d19b35 Author: Adam Reichold <[email protected]> Date: Thu Aug 30 20:56:33 2018 +0200 Fix delta decoding for Type1C fonts to avoid signed integer overflow. oss-fuzz/8424 diff --git a/fofi/FoFiType1C.cc b/fofi/FoFiType1C.cc index caa4b42b..63518452 100644 --- a/fofi/FoFiType1C.cc +++ b/fofi/FoFiType1C.cc @@ -2663,7 +2663,11 @@ int FoFiType1C::getDeltaIntArray(int *arr, int maxLen) { } x = 0; for (i = 0; i < n; ++i) { - x += (int)ops[i].num; + int y; + if (checkedAdd(x, (int)ops[i].num, &y)) { + return i; + } + x = y; arr[i] = x; } return n; commit de20e92a70e73d828984f41f52212051fba51700 Author: Adam Reichold <[email protected]> Date: Thu Aug 30 20:54:17 2018 +0200 Factor out overflow-checked multiplication into a separate header for extension and reuse. diff --git a/goo/GooCheckedOps.h b/goo/GooCheckedOps.h new file mode 100644 index 00000000..a50152f8 --- /dev/null +++ b/goo/GooCheckedOps.h @@ -0,0 +1,32 @@ +#pragma once + +#include <climits> + +inline bool checkedAssign(long long lz, int *z) { + static_assert(LLONG_MAX > INT_MAX, "Need type larger than int to perform overflow checks."); + + if (lz > INT_MAX || lz < INT_MIN) { + return true; + } + + *z = static_cast<int>(lz); + return false; +} + +inline bool checkedAdd(int x, int y, int *z) { +#if __GNUC__ >= 5 + return __builtin_sadd_overflow(x, y, z); +#else + const auto lz = static_cast<long long>(x) + static_cast<long long>(y); + return checkedAssign(lz, z); +#endif +} + +inline bool checkedMultiply(int x, int y, int *z) { +#if __GNUC__ >= 5 + return __builtin_smul_overflow(x, y, z); +#else + const auto lz = static_cast<long long>(x) * static_cast<long long>(y); + return checkedAssign(lz, z); +#endif +} diff --git a/goo/gmem.h b/goo/gmem.h index 1422322a..f2b184eb 100644 --- a/goo/gmem.h +++ b/goo/gmem.h @@ -28,7 +28,8 @@ #include <cstring> #include <cstdlib> #include <cstdio> -#include <climits> + +#include "GooCheckedOps.h" /// Same as malloc, but prints error message and exits if malloc() returns NULL. inline void *gmalloc(size_t size, bool checkoverflow = false) { @@ -94,19 +95,6 @@ inline void *grealloc_checkoverflow(void *p, size_t size) { * the application if a overflow is detected. */ -inline bool checkedMultiply(int x, int y, int *z) { -#if __GNUC__ >= 5 - return __builtin_smul_overflow(x, y, z); -#else - if (x != 0 && INT_MAX / x < y) { - return true; - } - - *z = x * y; - return false; -#endif -} - inline void *gmallocn(int count, int size, bool checkoverflow = false) { if (count == 0) { return nullptr; _______________________________________________ poppler mailing list [email protected] https://lists.freedesktop.org/mailman/listinfo/poppler
