summaryrefslogtreecommitdiff
path: root/third_party/agg23
diff options
context:
space:
mode:
authorLei Zhang <thestig@chromium.org>2018-04-27 19:02:27 +0000
committerChromium commit bot <commit-bot@chromium.org>2018-04-27 19:02:27 +0000
commit77315d696138a83b86ad050870300c2c52935f29 (patch)
tree629e104996da234d77209cd06c422a3300eec793 /third_party/agg23
parent5a2114eced31ce389ede4486d492faf6db4d7a04 (diff)
downloadpdfium-77315d696138a83b86ad050870300c2c52935f29.tar.xz
Fix undefined behavior in AGG.
BUG=chromium:746232 Change-Id: Id8f22d09bc7768603ea67bd52a5a5b3d87885ea9 Reviewed-on: https://pdfium-review.googlesource.com/31370 Reviewed-by: Tom Sepez <tsepez@chromium.org> Commit-Queue: Lei Zhang <thestig@chromium.org>
Diffstat (limited to 'third_party/agg23')
-rw-r--r--third_party/agg23/0004-ubsan-sweep-scanline-error.patch33
-rw-r--r--third_party/agg23/README.pdfium2
-rw-r--r--third_party/agg23/agg_rasterizer_scanline_aa.h9
3 files changed, 42 insertions, 2 deletions
diff --git a/third_party/agg23/0004-ubsan-sweep-scanline-error.patch b/third_party/agg23/0004-ubsan-sweep-scanline-error.patch
new file mode 100644
index 0000000000..3348f0500b
--- /dev/null
+++ b/third_party/agg23/0004-ubsan-sweep-scanline-error.patch
@@ -0,0 +1,33 @@
+diff --git a/third_party/agg23/agg_rasterizer_scanline_aa.h b/third_party/agg23/agg_rasterizer_scanline_aa.h
+index c747ee379..da166bb14 100644
+--- a/third_party/agg23/agg_rasterizer_scanline_aa.h
++++ b/third_party/agg23/agg_rasterizer_scanline_aa.h
+@@ -349,14 +349,14 @@ public:
+ cover += cur_cell->cover;
+ }
+ if(area) {
+- alpha = calculate_alpha((cover << (poly_base_shift + 1)) - area, no_smooth);
++ alpha = calculate_alpha(calculate_area(cover, poly_base_shift + 1) - area, no_smooth);
+ if(alpha) {
+ sl.add_cell(x, alpha);
+ }
+ x++;
+ }
+ if(num_cells && cur_cell->x > x) {
+- alpha = calculate_alpha(cover << (poly_base_shift + 1), no_smooth);
++ alpha = calculate_alpha(calculate_area(cover, poly_base_shift + 1), no_smooth);
+ if(alpha) {
+ sl.add_span(x, cur_cell->x - x, alpha);
+ }
+@@ -458,6 +458,11 @@ private:
+ m_prev_x = x;
+ m_prev_y = y;
+ }
++ static int calculate_area(int cover, int shift) {
++ unsigned int result = cover;
++ result <<= shift;
++ return result;
++ }
+ private:
+ outline_aa m_outline;
+ filling_rule_e m_filling_rule;
diff --git a/third_party/agg23/README.pdfium b/third_party/agg23/README.pdfium
index 4b1ff49146..fa50951c66 100644
--- a/third_party/agg23/README.pdfium
+++ b/third_party/agg23/README.pdfium
@@ -16,3 +16,5 @@ Possibly more?
non-enumeral type in conditional.
0002-ubsan-error-fixes.path: Fix UBSan errors for overflows.
0003-ubsan-render-line-error.patch: Fix UBSan overflow error in render_line.
+0004-ubsan-sweep-scanline-error.patch: Fix UBSan left shift of negative value
+error in sweep_scanline.
diff --git a/third_party/agg23/agg_rasterizer_scanline_aa.h b/third_party/agg23/agg_rasterizer_scanline_aa.h
index c747ee379e..da166bb14a 100644
--- a/third_party/agg23/agg_rasterizer_scanline_aa.h
+++ b/third_party/agg23/agg_rasterizer_scanline_aa.h
@@ -349,14 +349,14 @@ public:
cover += cur_cell->cover;
}
if(area) {
- alpha = calculate_alpha((cover << (poly_base_shift + 1)) - area, no_smooth);
+ alpha = calculate_alpha(calculate_area(cover, poly_base_shift + 1) - area, no_smooth);
if(alpha) {
sl.add_cell(x, alpha);
}
x++;
}
if(num_cells && cur_cell->x > x) {
- alpha = calculate_alpha(cover << (poly_base_shift + 1), no_smooth);
+ alpha = calculate_alpha(calculate_area(cover, poly_base_shift + 1), no_smooth);
if(alpha) {
sl.add_span(x, cur_cell->x - x, alpha);
}
@@ -458,6 +458,11 @@ private:
m_prev_x = x;
m_prev_y = y;
}
+ static int calculate_area(int cover, int shift) {
+ unsigned int result = cover;
+ result <<= shift;
+ return result;
+ }
private:
outline_aa m_outline;
filling_rule_e m_filling_rule;