freetype-devel


From: Werner LEMBERG
Subject: Re: [ft-devel] [PATCH RFC] src/sfnt/ttsbit0.c: fix broken pointer overflow checks
Date: Mon, 28 Jan 2013 20:34:40 +0100 (CET)

> I do find some signed overflows, using a homemade static checker.
> 
> src/cache/ftcbasic.c:360
> src/cache/ftcbasic.c:695
> 
>   if ( (FT_ULong)(type->flags - FT_INT_MIN) > FT_UINT_MAX )
> 
> gcc optimizes this check away.  [...]

This happens on 32-bit hosts also?  Can you advise a patch?

> There is another possible overflow that I don't understand.
> 
> src/raster/ftraster.c:3052
> 
>   if ( e1 > e2 || ...)
> 
> Is e1 > e2 only possible on signed overflow?

Why do you think that this test has anything to do with overflow?
Values `e1' and `e2' are floored and ceiled so that the lower 6 or 12
bits (depending on `ras.precision') are zero.  Then a comparison is
done whether e1 > e2.  There is no overflow involved at all.


    Werner
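
The kind of range check quoted in the first part of this message, written so that it does not depend on signed overflow. This is an added example, not code from FreeType or from either poster. It assumes the value tested is a `long`, uses plain `INT_MIN` and `UINT_MAX` in place of the FreeType macros, and the helper names are hypothetical.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* Fragile shape (not compiled here): with a signed `v`,
 *     (unsigned long)(v - INT_MIN) > UINT_MAX
 * performs the subtraction in signed arithmetic.  If that overflows, the
 * behaviour is undefined, so an optimizer may assume it never happens
 * and delete the comparison. */

/* Hypothetical helper: true when v does not fit in an int.
 * Pure comparisons, no arithmetic, so nothing can overflow. */
static bool out_of_int_range_cmp(long v)
{
    return v < INT_MIN || v > INT_MAX;
}

/* Single-comparison form: convert both operands to unsigned long first.
 * Unsigned subtraction wraps modulo 2^N by definition, so the compiler
 * has to keep the test. */
static bool out_of_int_range_wrap(long v)
{
    return (unsigned long)v - (unsigned long)INT_MIN > (unsigned long)UINT_MAX;
}

/* Constructed boundary values; returns how often the two forms disagree. */
static int count_disagreements(void)
{
    const long samples[] = { 0, 1, -1, INT_MIN, INT_MAX, LONG_MIN, LONG_MAX,
                             LONG_MIN / 2, LONG_MAX / 2 };
    int bad = 0;
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        if (out_of_int_range_cmp(samples[i]) != out_of_int_range_wrap(samples[i]))
            bad++;
    return bad;
}

int main(void)
{
    printf("disagreements: %d\n", count_disagreements());
    printf("LONG_MAX out of int range: %d\n", out_of_int_range_wrap(LONG_MAX));
    return 0;
}
```

On hosts where `long` and `int` have the same width, both helpers return false for every input, which is the correct answer there.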


