From b73313ade75130bf86ad1efbd312ce4106166089 Mon Sep 17 00:00:00 2001
From: Ebrahim Byagowi
Date: Wed, 18 Sep 2019 00:50:32 +0430
Subject: [PATCH] Don't seek of out-of-bound value even if the result is not used

Fixes this -fno-sanitize-recover=undefined fail,

/set/iter: hb-algs.hh:1016:60: runtime error: index 4294967295 out of bounds for type 'unsigned long long const[8]'
#0 0x4d1e09 in hb_vector_size_t::operator[](unsigned int) const /home/user/code/harfbuzz/src/./hb-algs.hh:1016:60
#1 0x4d8b5f in hb_set_t::page_t::previous(unsigned int*) const /home/user/code/harfbuzz/src/./hb-set.hh:139:53
#2 0x4d0ada in hb_set_t::previous(unsigned int*) const /home/user/code/harfbuzz/src/./hb-set.hh:602:36
#3 0x4cd76f in hb_set_previous /home/user/code/harfbuzz/src/hb-set.cc:494:15
#4 0x4ca8af in test_set_iter /home/user/code/harfbuzz/test/api/test-set.c:310:3
#5 0x7f3a4f3e0f49 (/usr/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x72f49)
#6 0x7f3a4f3e0e7a (/usr/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x72e7a)
#7 0x7f3a4f3e1121 in g_test_run_suite (/usr/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x73121)
#8 0x7f3a4f3e1140 in g_test_run (/usr/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x73140)
#9 0x4c8894 in hb_test_run /home/user/code/harfbuzz/test/api/./hb-test.h:88:10
#10 0x4c8894 in main /home/user/code/harfbuzz/test/api/test-set.c:408:10
#11 0x7f3a4e3d2b96 in __libc_start_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310
#12 0x41e7d9 in _start (/home/user/code/harfbuzz/test/api/test-set+0x41e7d9)
---
 src/hb-set.hh | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/src/hb-set.hh b/src/hb-set.hh
index 6e1295d5f..36d11c031 100644
--- a/src/hb-set.hh
+++ b/src/hb-set.hh
@@ -136,12 +136,17 @@ struct hb_set_t
     unsigned int j = m & ELT_MASK;
     const elt_t vv = v[i] & ((elt_t (1) << (j + 1)) - 1);
-    for (const elt_t *p = &vv; (int) i >= 0; p = &v[--i])
+    const elt_t *p = &vv;
+    while (true)
+    {
       if (*p)
       {
         *codepoint = i * ELT_BITS + elt_get_max (*p);
         return true;
       }
+      if ((int) i <= 0) break;
+      p = &v[--i];
+    }
     *codepoint = INVALID;
     return false;