Re: [ft-devel] Fwd: Issue 977845 in chromium: pdf_font_fuzzer: Integer-overflow in compute_glyph_metrics

2019-08-14 Thread Werner LEMBERG
> I'm not sure what exactly points of discussion are, but in HarfBuzz
> we do purposefully ignore position overflows. We use a macro like
> this for that:
>
> #define HB_NO_SANITIZE_SIGNED_INTEGER_OVERFLOW
> __attribute__((no_sanitize("signed-integer-overflow")))
>
> If you want to copy the

Re: [ft-devel] Fwd: Issue 977845 in chromium: pdf_font_fuzzer: Integer-overflow in compute_glyph_metrics

2019-08-14 Thread Werner LEMBERG
> @Werner: should I apply it?

Yes, please.

Werner

___
Freetype-devel mailing list
Freetype-devel@nongnu.org
https://lists.nongnu.org/mailman/listinfo/freetype-devel

Re: [ft-devel] Fwd: Issue 977845 in chromium: pdf_font_fuzzer: Integer-overflow in compute_glyph_metrics

2019-08-13 Thread Behdad Esfahbod
I'm not sure what exactly points of discussion are, but in HarfBuzz we do purposefully ignore position overflows. We use a macro like this for that:

#define HB_NO_SANITIZE_SIGNED_INTEGER_OVERFLOW __attribute__((no_sanitize("signed-integer-overflow")))

If you want to copy the macro, please copy

Re: [ft-devel] Fwd: Issue 977845 in chromium: pdf_font_fuzzer: Integer-overflow in compute_glyph_metrics

2019-08-13 Thread armin
>> Whether with -wrapv or with the unsigned macros, we simply disable
>> some compiler optimizations, perhaps some good optimizations too.
>
> Most certainly, yes. But there are a lot more things that slow down the
> potential performance of FreeType -- C in itself is a trade-off between
>

Re: [ft-devel] Fwd: Issue 977845 in chromium: pdf_font_fuzzer: Integer-overflow in compute_glyph_metrics

2019-08-13 Thread armin
> Whether with -wrapv or with the unsigned macros, we simply disable some
> compiler optimizations, perhaps some good optimizations too.

Most certainly, yes. But there are a lot more things that slow down the potential performance of FreeType -- C in itself is a trade-off between

Re: [ft-devel] Fwd: Issue 977845 in chromium: pdf_font_fuzzer: Integer-overflow in compute_glyph_metrics

2019-08-12 Thread Alexei Podtelezhnikov
On Sat, Aug 10, 2019 at 7:32 PM Nikolaus Waxweiler wrote:
>
> > Undefined does not mean scary.
>
> Actually yes. Have you read e.g.
> http://blog.llvm.org/2011/05/what-every-c-programmer-should-know_14.html?
>

Whether with -wrapv or with the unsigned macros, we simply disable some compiler

Re: [ft-devel] Fwd: Issue 977845 in chromium: pdf_font_fuzzer: Integer-overflow in compute_glyph_metrics

2019-08-10 Thread Nikolaus Waxweiler
> Undefined does not mean scary.

Actually yes. Have you read e.g. http://blog.llvm.org/2011/05/what-every-c-programmer-should-know_14.html?

Why do we even care? The burden is actually on the compiler to not do anything crazy or face consequences from users and public. For some reason the

Re: [ft-devel] Fwd: Issue 977845 in chromium: pdf_font_fuzzer: Integer-overflow in compute_glyph_metrics

2019-08-10 Thread Alexei Podtelezhnikov
> This, sadly, brings us back to the current way of dealing with these things;
> adding ugly macros that transfer these operations from UB space into defined
> C space ... Not saying I'm happy with that but I believe this is the
> cleanest solution in the big picture right now.

Undefined

Re: [ft-devel] Fwd: Issue 977845 in chromium: pdf_font_fuzzer: Integer-overflow in compute_glyph_metrics

2019-08-10 Thread armin
>> .. and undo those macros?
>
> Well, if you then can? Signed integer overflow being undefined strikes me as a
> severe deficiency in the C language. This of course makes -wrapv a compiler
> level workaround, which may not be available to every compiler FreeType wants
> to support. Hm.

It's one

Re: [ft-devel] Fwd: Issue 977845 in chromium: pdf_font_fuzzer: Integer-overflow in compute_glyph_metrics

2019-08-10 Thread Nikolaus Waxweiler
> > .. and undo those macros?
>

Well, if you then can? Signed integer overflow being undefined strikes me as a severe deficiency in the C language. This of course makes -wrapv a compiler level workaround, which may not be available to every compiler FreeType wants to support. Hm.

>

Re: [ft-devel] Fwd: Issue 977845 in chromium: pdf_font_fuzzer: Integer-overflow in compute_glyph_metrics

2019-08-09 Thread Alexei Podtelezhnikov
On Fri, Aug 9, 2019 at 2:38 PM Nikolaus Waxweiler wrote:
>
> This makes me wonder if maybe FreeType should be compiled with -wrapv
> by default?

.. and undo those macros? These warnings are OCD in its ugliest. It is fleetingly rare when they reveal real bugs. We silence them but pay dearly with

Re: [ft-devel] Fwd: Issue 977845 in chromium: pdf_font_fuzzer: Integer-overflow in compute_glyph_metrics

2019-08-09 Thread Nikolaus Waxweiler
This makes me wonder if maybe FreeType should be compiled with -wrapv by default?

Re: [ft-devel] Fwd: Issue 977845 in chromium: pdf_font_fuzzer: Integer-overflow in compute_glyph_metrics

2019-08-07 Thread armin
> Thanks for looking into it. FWIW, my commit merely re-enabled an older code
> path.

NW we've already fixed a lot of those that came up in our own fuzzers :) ... it's actually harmless but a side product of fuzzers throwing super random input at apps. Some overflow when facing gigantic glyphs

Re: [ft-devel] Fwd: Issue 977845 in chromium: pdf_font_fuzzer: Integer-overflow in compute_glyph_metrics

2019-08-06 Thread Nikolaus Waxweiler
Thanks for looking into it. FWIW, my commit merely re-enabled an older code path.

Re: [ft-devel] Fwd: Issue 977845 in chromium: pdf_font_fuzzer: Integer-overflow in compute_glyph_metrics

2019-08-06 Thread armin
Thanks for sending that in -- looks harmless but is worth fixing; if for nothing else but avoiding these kinds of reports in apps that fuzz FreeType ;) I'll happily look into it later and provide a fix.

Armin