ref: 69414e7afd41e18f82190c32670dc1784676be9c
parent: 248eaa4f601381bdcb584c16a370b5e0ad553613
author: Werner Lemberg <[email protected]>
date: Tue Jan 3 01:53:13 EST 2017
* src/cff/cffparse.c (cff_parse_num): Simplify.
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,9 @@
2017-01-03 Werner Lemberg <[email protected]>
+ * src/cff/cffparse.c (cff_parse_num): Simplify.
+
+2017-01-03 Werner Lemberg <[email protected]>
+
Various fixes for clang's undefined behaviour sanitizer.
* src/cff/cffload.c (FT_fdot14ToFixed): Fix casting.
@@ -6,8 +10,8 @@
(cff_blend_doBlend): Don't left-shift negative numbers.
Handle 5-byte numbers byte by byte to avoid alignment issues.
- * src/cff/cffparse.c (cff_parse): Handle 5-byte numbers byte by byte
- to avoid alignment issues.
+ * src/cff/cffparse.c (cff_parse_num): Handle 5-byte numbers byte by
+ byte to avoid alignment issues.
* src/cid/cidload (cid_read_subrs): Do nothing if we don't have any
subrs.
--- a/src/cff/cffparse.c
+++ b/src/cff/cffparse.c
@@ -448,13 +448,21 @@
/* 16.16 fixed point is used internally for CFF2 blend results. */
/* Since these are trusted values, a limit check is not needed. */
- /* After the 255, 4 bytes give the number. */
- /* Blend result is rounded to integer. */
+ /* After the 255, 4 bytes give the number. */
+ /* The blend value is converted to integer, with rounding; */
+ /* due to the right-shift we don't need the lowest byte. */
+#if 0
return (FT_Short)(
- ( ( ( (FT_ULong)*( d[0] + 1 ) << 24 ) |
- ( (FT_ULong)*( d[0] + 2 ) << 16 ) |
- ( (FT_ULong)*( d[0] + 3 ) << 8 ) |
- (FT_ULong)*( d[0] + 4 ) ) + 0x8000U ) >> 16 );
+ ( ( ( (FT_UInt32)*( d[0] + 1 ) << 24 ) |
+ ( (FT_UInt32)*( d[0] + 2 ) << 16 ) |
+ ( (FT_UInt32)*( d[0] + 3 ) << 8 ) |
+ (FT_UInt32)*( d[0] + 4 ) ) + 0x8000U ) >> 16 );
+#else
+ return (FT_Short)(
+ ( ( ( (FT_UInt32)*( d[0] + 1 ) << 16 ) |
+ ( (FT_UInt32)*( d[0] + 2 ) << 8 ) |
+ (FT_UInt32)*( d[0] + 3 ) ) + 0x80U ) >> 8 );
+#endif
}
else
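Review bot: The byte reads at `d[0] + 1` through `d[0] + 3` in the `#else` branch remain unchecked, and the only justification is the comment that these are trusted values; nothing visible in the hunk enforces that a 255-prefixed operand can only come from the internal blend code and never from font-supplied data. I would state that invariant where it is relied on, for example `/* 255-prefixed operands are written only by the blend code, never read from the font stream. */`, and confirm that the caller cannot reach this branch with a 255 byte taken from the font itself. Separately, the `#if 0` branch keeps a dead copy of the four-byte expression in the source; if it is meant as a reference, a one-line comment saying the three-byte form gives the same rounded result would be clearer than compiled-out code. The enclosing function begins and ends outside the hunk, so the test on the operand prefix is not visible here.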