Kaydet (Commit) 4c707b78 authored tarafından Stephan Bergmann's avatar Stephan Bergmann

external/libcdr: Avoid UB converting from double to int via unsigned

Opening cdr/fdo53278-4.cdr as obtained by
bin/get-bugzilla-attachments-by-mimetype (i.e., the attachment at
<https://bugs.documentfoundation.org/show_bug.cgi?id=53278#c14>) under
-fsanitize=undefined causes

> CDRPath.cpp:821:34: runtime error: -173.908 is outside the range of representable values of type 'unsigned int'
>  #0 in libcdr::CDRPath::writeOut(librevenge::RVNGString&, librevenge::RVNGString&, double&) const at workdir/UnpackedTarball/libcdr/src/lib/CDRPath.cpp:821:34 (instdir/program/../program/libwpftdrawlo.so +0x2380015)
>  #1 in libcdr::CDRContentCollector::_lineProperties(librevenge::RVNGPropertyList&) at workdir/UnpackedTarball/libcdr/src/lib/CDRContentCollector.cpp:1118:17 (instdir/program/../program/libwpftdrawlo.so +0x2090b54)
>  #2 in libcdr::CDRContentCollector::_flushCurrentPath() at workdir/UnpackedTarball/libcdr/src/lib/CDRContentCollector.cpp:240:5 (instdir/program/../program/libwpftdrawlo.so +0x2070a9e)
>  #3 in libcdr::CDRContentCollector::collectLevel(unsigned int) at workdir/UnpackedTarball/libcdr/src/lib/CDRContentCollector.cpp:563:5 (instdir/program/../program/libwpftdrawlo.so +0x209243d)
>  #4 in libcdr::CDRParser::parseRecord(librevenge::RVNGInputStream*, std::vector<unsigned int, std::allocator<unsigned int> > const&, unsigned int) at workdir/UnpackedTarball/libcdr/src/lib/CDRParser.cpp:514:18 (instdir/program/../program/libwpftdrawlo.so +0x213bdff)
>  #5 in libcdr::CDRParser::parseRecords(librevenge::RVNGInputStream*, std::vector<unsigned int, std::allocator<unsigned int> > const&, unsigned int) at workdir/UnpackedTarball/libcdr/src/lib/CDRParser.cpp:500:10 (instdir/program/../program/libwpftdrawlo.so +0x213b93f)
[...]

Change-Id: Ie73965851102689ebb7895d61edb3d32ff47c60c
Reviewed-on: https://gerrit.libreoffice.org/73181
Tested-by: Jenkins
Reviewed-by: 's avatarStephan Bergmann <sbergman@redhat.com>
üst c7ece07d
......@@ -16,10 +16,13 @@ $(eval $(call gb_UnpackedTarball_set_patchlevel,libcdr,0))
$(eval $(call gb_UnpackedTarball_update_autoconf_configs,libcdr))
# * external/libcdr/0001-Add-missing-include.patch.1 is from upstream master (see content for
# details):
# details);
# * external/libcdr/ubsan.patch is upstream at <https://gerrit.libreoffice.org/#/c/73182/> "Avoid UB
# converting from double to int via unsigned":
$(eval $(call gb_UnpackedTarball_add_patches,libcdr, \
external/libcdr/libcdr-visibility-win.patch \
external/libcdr/0001-Add-missing-include.patch.1 \
external/libcdr/ubsan.patch \
))
ifeq ($(NEED_CLANG_LINUX_UBSAN_RTTI_VISIBILITY),TRUE)
......
--- src/lib/CDRPath.cpp
+++ src/lib/CDRPath.cpp
@@ -796,7 +796,7 @@ void CDRPath::writeOut(librevenge::RVNGString &path, librevenge::RVNGString &vie
width = qy - py;
- viewBox.sprintf("%i %i %i %i", 0, 0, (unsigned)(2540*(qx - px)), (unsigned)(2540*(qy - py)));
+ viewBox.sprintf("%i %i %i %i", 0, 0, (int)(2540*(qx - px)), (int)(2540*(qy - py)));
for (unsigned i = 0; i < vec.count(); ++i)
{
@@ -804,38 +804,38 @@ void CDRPath::writeOut(librevenge::RVNGString &path, librevenge::RVNGString &vie
if (vec[i]["librevenge:path-action"]->getStr() == "M")
{
// 2540 is 2.54*1000, 2.54 in = 1 inch
- sElement.sprintf("M%i %i", (unsigned)((vec[i]["svg:x"]->getDouble()-px)*2540),
- (unsigned)((vec[i]["svg:y"]->getDouble()-py)*2540));
+ sElement.sprintf("M%i %i", (int)((vec[i]["svg:x"]->getDouble()-px)*2540),
+ (int)((vec[i]["svg:y"]->getDouble()-py)*2540));
path.append(sElement);
}
else if (vec[i]["librevenge:path-action"]->getStr() == "L")
{
- sElement.sprintf("L%i %i", (unsigned)((vec[i]["svg:x"]->getDouble()-px)*2540),
- (unsigned)((vec[i]["svg:y"]->getDouble()-py)*2540));
+ sElement.sprintf("L%i %i", (int)((vec[i]["svg:x"]->getDouble()-px)*2540),
+ (int)((vec[i]["svg:y"]->getDouble()-py)*2540));
path.append(sElement);
}
else if (vec[i]["librevenge:path-action"]->getStr() == "C")
{
- sElement.sprintf("C%i %i %i %i %i %i", (unsigned)((vec[i]["svg:x1"]->getDouble()-px)*2540),
- (unsigned)((vec[i]["svg:y1"]->getDouble()-py)*2540), (unsigned)((vec[i]["svg:x2"]->getDouble()-px)*2540),
- (unsigned)((vec[i]["svg:y2"]->getDouble()-py)*2540), (unsigned)((vec[i]["svg:x"]->getDouble()-px)*2540),
- (unsigned)((vec[i]["svg:y"]->getDouble()-py)*2540));
+ sElement.sprintf("C%i %i %i %i %i %i", (int)((vec[i]["svg:x1"]->getDouble()-px)*2540),
+ (int)((vec[i]["svg:y1"]->getDouble()-py)*2540), (int)((vec[i]["svg:x2"]->getDouble()-px)*2540),
+ (int)((vec[i]["svg:y2"]->getDouble()-py)*2540), (int)((vec[i]["svg:x"]->getDouble()-px)*2540),
+ (int)((vec[i]["svg:y"]->getDouble()-py)*2540));
path.append(sElement);
}
else if (vec[i]["librevenge:path-action"]->getStr() == "Q")
{
- sElement.sprintf("Q%i %i %i %i", (unsigned)((vec[i]["svg:x1"]->getDouble()-px)*2540),
- (unsigned)((vec[i]["svg:y1"]->getDouble()-py)*2540), (unsigned)((vec[i]["svg:x"]->getDouble()-px)*2540),
- (unsigned)((vec[i]["svg:y"]->getDouble()-py)*2540));
+ sElement.sprintf("Q%i %i %i %i", (int)((vec[i]["svg:x1"]->getDouble()-px)*2540),
+ (int)((vec[i]["svg:y1"]->getDouble()-py)*2540), (int)((vec[i]["svg:x"]->getDouble()-px)*2540),
+ (int)((vec[i]["svg:y"]->getDouble()-py)*2540));
path.append(sElement);
}
else if (vec[i]["librevenge:path-action"]->getStr() == "A")
{
- sElement.sprintf("A%i %i %i %i %i %i %i", (unsigned)((vec[i]["svg:rx"]->getDouble())*2540),
- (unsigned)((vec[i]["svg:ry"]->getDouble())*2540), (vec[i]["librevenge:rotate"] ? vec[i]["librevenge:rotate"]->getInt() : 0),
+ sElement.sprintf("A%i %i %i %i %i %i %i", (int)((vec[i]["svg:rx"]->getDouble())*2540),
+ (int)((vec[i]["svg:ry"]->getDouble())*2540), (vec[i]["librevenge:rotate"] ? vec[i]["librevenge:rotate"]->getInt() : 0),
(vec[i]["librevenge:large-arc"] ? vec[i]["librevenge:large-arc"]->getInt() : 1),
(vec[i]["librevenge:sweep"] ? vec[i]["librevenge:sweep"]->getInt() : 1),
- (unsigned)((vec[i]["svg:x"]->getDouble()-px)*2540), (unsigned)((vec[i]["svg:y"]->getDouble()-py)*2540));
+ (int)((vec[i]["svg:x"]->getDouble()-px)*2540), (int)((vec[i]["svg:y"]->getDouble()-py)*2540));
path.append(sElement);
}
else if (vec[i]["librevenge:path-action"]->getStr() == "Z")
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment