shithub: freetype+ttf2subf

ref: dfc9a049ded53e2ca5c9b935f912a476d6f676ed
parent: 551bd3a90e352fa3a66ee7644c07440939c03d81
author: Werner Lemberg <[email protected]>
date: Thu Dec 5 03:44:30 EST 2019

* src/truetype/ttinterp.c (TT_RunIns): Use `FT_OFFSET'.

Reported as

  https://bugs.chromium.org/p/chromium/issues/detail?id=1030614

--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,11 @@
+2019-12-05  Werner Lemberg  <[email protected]>
+
+	* src/truetype/ttinterp.c (TT_RunIns): Use `FT_OFFSET'.
+
+	Reported as
+
+	  https://bugs.chromium.org/p/chromium/issues/detail?id=1030614
+
 2019-12-03  Werner Lemberg  <[email protected]>
 
 	More nullptr offset UBSan warnings (#57331, #57347).
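
Review bot: The new 2019-12-05 entry says only "Use `FT_OFFSET'" and gives no reason, so a reader has to follow the Chromium link to learn what problem the change addresses. A short clause naming the problem would make the entry self-contained, in the way the 2019-12-03 entry directly below it names "nullptr offset UBSan warnings".
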
--- a/src/truetype/ttinterp.c
+++ b/src/truetype/ttinterp.c
@@ -8567,7 +8567,7 @@
         case FT_ERR( Invalid_Opcode ):
           {
             TT_DefRecord*  def   = exc->IDefs;
-            TT_DefRecord*  limit = def + exc->numIDefs;
+            TT_DefRecord*  limit = FT_OFFSET( def, exc->numIDefs );
 
 
             for ( ; def < limit; def++ )
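
Review bot: At the changed `limit` line in the `Invalid_Opcode` case, nothing in the code records why plain `def + exc->numIDefs` was not acceptable, so a later cleanup could restore the bare pointer arithmetic. If the concern is a null `exc->IDefs` (as the neighbouring ChangeLog entry about nullptr offsets suggests), a one-line comment saying so would document it. It is also worth confirming that the loop `for ( ; def < limit; def++ )` is skipped in that case, since its behaviour now depends on what `FT_OFFSET` returns for such input.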