Re: [ft-devel] [PATCH RFC] src/sfnt/ttsbit0.c: fix broken pointer overfl
From: Werner LEMBERG
Subject: Re: [ft-devel] [PATCH RFC] src/sfnt/ttsbit0.c: fix broken pointer overflow checks
Date: Mon, 28 Jan 2013 20:34:40 +0100 (CET)

> I do find some signed overflows, using a homemade static checker.
>
> src/cache/ftcbasic.c:360
> src/cache/ftcbasic.c:695
>
> if ( (FT_ULong)(type->flags - FT_INT_MIN) > FT_UINT_MAX )
>
> gcc optimizes this check away. [...]

This happens on 32-bit hosts also? Can you advise a patch?

> There is another possible overflow that I don't understand.
>
> src/raster/ftraster.c:3052
>
> if ( e1 > e2 || ...)
>
> Is e1 > e2 only possible on signed overflow?

Why do you think that this test has anything to do with overflow?
Values `e1' and `e2' are floored and ceiled so that the lower 6 or 12
bits (depending on `ras.precision') are zero. Then a comparison is
done whether e1 > e2. There is no overflow involved at all.

Werner
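
The signed-overflow pattern in the quoted `ftcbasic.c` check, as an added example that is not part of the original message or of FreeType's code: it puts the signed-bias form beside two forms with fully defined behaviour and compares them on constructed boundary values. The type `wide_flags` and all function names are hypothetical, and the example assumes a signed 64-bit flags value narrowed to a 32-bit `int`.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

/* Assumption for this example: flags is a signed 64-bit value that is later
   narrowed to int (32 bits here). The thread does not show the real types. */
typedef int64_t wide_flags;

/* Shape of the quoted check. The bias is subtracted in the signed type, so
   large inputs overflow; a compiler may assume that never happens. */
int out_of_range_signed_bias(wide_flags f)
{
    return (uint64_t)(f - INT_MIN) > UINT_MAX;
}

/* Same bias trick in unsigned arithmetic, where wraparound is defined. */
int out_of_range_unsigned_bias(wide_flags f)
{
    return (uint64_t)f - (uint64_t)INT_MIN > UINT_MAX;
}

/* Plain range comparison: no arithmetic, so nothing can overflow. */
int out_of_range_compare(wide_flags f)
{
    return f < INT_MIN || f > INT_MAX;
}

/* Constructed boundary inputs, including ones where the signed-bias form
   would overflow. Returns how often the two defined forms disagree. */
int count_disagreements(void)
{
    static const wide_flags samples[] = {
        0, -1, INT_MAX, INT_MIN, (wide_flags)INT_MAX + 1,
        (wide_flags)INT_MIN - 1, INT64_MAX, INT64_MIN
    };
    int bad = 0;
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        bad += out_of_range_unsigned_bias(samples[i]) !=
               out_of_range_compare(samples[i]);
    return bad;
}

int main(void)
{
    /* -1 is within the range where the signed subtraction is defined. */
    printf("signed bias(-1) = %d\n", out_of_range_signed_bias(-1));
    printf("disagreements   = %d\n", count_disagreements());
    return 0;
}
```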