external/libcdr: Avoid UB converting from double to int via unsigned

Opening cdr/fdo53278-4.cdr as obtained by bin/get-bugzilla-attachments-by-mimetype (i.e., the attachment at <https://bugs.documentfoundation.org/show_bug.cgi?id=53278#c14>) under -fsanitize=undefined causes > CDRPath.cpp:821:34: runtime error: -173.908 is outside the range of representable values of type 'unsigned int' > #0 in libcdr::CDRPath::writeOut(librevenge::RVNGString&, librevenge::RVNGString&, double&) const at workdir/UnpackedTarball/libcdr/src/lib/CDRPath.cpp:821:34 (instdir/program/../program/libwpftdrawlo.so +0x2380015) > #1 in libcdr::CDRContentCollector::_lineProperties(librevenge::RVNGPropertyList&) at workdir/UnpackedTarball/libcdr/src/lib/CDRContentCollector.cpp:1118:17 (instdir/program/../program/libwpftdrawlo.so +0x2090b54) > #2 in libcdr::CDRContentCollector::_flushCurrentPath() at workdir/UnpackedTarball/libcdr/src/lib/CDRContentCollector.cpp:240:5 (instdir/program/../program/libwpftdrawlo.so +0x2070a9e) > #3 in libcdr::CDRContentCollector::collectLevel(unsigned int) at workdir/UnpackedTarball/libcdr/src/lib/CDRContentCollector.cpp:563:5 (instdir/program/../program/libwpftdrawlo.so +0x209243d) > #4 in libcdr::CDRParser::parseRecord(librevenge::RVNGInputStream*, std::vector<unsigned int, std::allocator<unsigned int> > const&, unsigned int) at workdir/UnpackedTarball/libcdr/src/lib/CDRParser.cpp:514:18 (instdir/program/../program/libwpftdrawlo.so +0x213bdff) > #5 in libcdr::CDRParser::parseRecords(librevenge::RVNGInputStream*, std::vector<unsigned int, std::allocator<unsigned int> > const&, unsigned int) at workdir/UnpackedTarball/libcdr/src/lib/CDRParser.cpp:500:10 (instdir/program/../program/libwpftdrawlo.so +0x213b93f) [...] Change-Id: Ie73965851102689ebb7895d61edb3d32ff47c60c Reviewed-on: https://gerrit.libreoffice.org/73181 Tested-by: Jenkins Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
author: Stephan Bergmann <sbergman@redhat.com> 2019-05-29 18:31:57 +0200
committer: Stephan Bergmann <sbergman@redhat.com> 2019-05-29 21:42:24 +0200
commit: 4c707b78a705d6cc74061433cd01175283fabb2e (patch)
tree: 9a0b2afe00a2fed581591c83b0825d39f00f50e6 /external
parent: c7ece07d2e1b478bf25a976618e9bc5e5bc1a144 (diff)
2 files changed, 68 insertions, 1 deletions
diff --git a/external/libcdr/UnpackedTarball_libcdr.mk b/external/libcdr/UnpackedTarball_libcdr.mk
index 0c61c5962385..d53ea59e2bf6 100644
--- a/external/libcdr/UnpackedTarball_libcdr.mk
+++ b/external/libcdr/UnpackedTarball_libcdr.mk
@@ -16,10 +16,13 @@ $(eval $(call gb_UnpackedTarball_set_patchlevel,libcdr,0))
 $(eval $(call gb_UnpackedTarball_update_autoconf_configs,libcdr))
 
 # * external/libcdr/0001-Add-missing-include.patch.1 is from upstream master (see content for
-#   details):
+#   details);
+# * external/libcdr/ubsan.patch is upstream at <https://gerrit.libreoffice.org/#/c/73182/> "Avoid UB
+#   converting from double to int via unsigned":
 $(eval $(call gb_UnpackedTarball_add_patches,libcdr, \
     external/libcdr/libcdr-visibility-win.patch \
     external/libcdr/0001-Add-missing-include.patch.1 \
+    external/libcdr/ubsan.patch \
 ))
 
 ifeq ($(NEED_CLANG_LINUX_UBSAN_RTTI_VISIBILITY),TRUE)
diff --git a/external/libcdr/ubsan.patch b/external/libcdr/ubsan.patch
new file mode 100644
index 000000000000..316c47a45ab9
--- /dev/null
+++ b/external/libcdr/ubsan.patch
@@ -0,0 +1,64 @@
+--- src/lib/CDRPath.cpp
++++ src/lib/CDRPath.cpp
+@@ -796,7 +796,7 @@ void CDRPath::writeOut(librevenge::RVNGString &path, librevenge::RVNGString &vie
+ 
+ 
+   width = qy - py;
+-  viewBox.sprintf("%i %i %i %i", 0, 0, (unsigned)(2540*(qx - px)), (unsigned)(2540*(qy - py)));
++  viewBox.sprintf("%i %i %i %i", 0, 0, (int)(2540*(qx - px)), (int)(2540*(qy - py)));
+ 
+   for (unsigned i = 0; i < vec.count(); ++i)
+   {
+@@ -804,38 +804,38 @@ void CDRPath::writeOut(librevenge::RVNGString &path, librevenge::RVNGString &vie
+     if (vec[i]["librevenge:path-action"]->getStr() == "M")
+     {
+       // 2540 is 2.54*1000, 2.54 in = 1 inch
+-      sElement.sprintf("M%i %i", (unsigned)((vec[i]["svg:x"]->getDouble()-px)*2540),
+-                       (unsigned)((vec[i]["svg:y"]->getDouble()-py)*2540));
++      sElement.sprintf("M%i %i", (int)((vec[i]["svg:x"]->getDouble()-px)*2540),
++                       (int)((vec[i]["svg:y"]->getDouble()-py)*2540));
+       path.append(sElement);
+     }
+     else if (vec[i]["librevenge:path-action"]->getStr() == "L")
+     {
+-      sElement.sprintf("L%i %i", (unsigned)((vec[i]["svg:x"]->getDouble()-px)*2540),
+-                       (unsigned)((vec[i]["svg:y"]->getDouble()-py)*2540));
++      sElement.sprintf("L%i %i", (int)((vec[i]["svg:x"]->getDouble()-px)*2540),
++                       (int)((vec[i]["svg:y"]->getDouble()-py)*2540));
+       path.append(sElement);
+     }
+     else if (vec[i]["librevenge:path-action"]->getStr() == "C")
+     {
+-      sElement.sprintf("C%i %i %i %i %i %i", (unsigned)((vec[i]["svg:x1"]->getDouble()-px)*2540),
+-                       (unsigned)((vec[i]["svg:y1"]->getDouble()-py)*2540), (unsigned)((vec[i]["svg:x2"]->getDouble()-px)*2540),
+-                       (unsigned)((vec[i]["svg:y2"]->getDouble()-py)*2540), (unsigned)((vec[i]["svg:x"]->getDouble()-px)*2540),
+-                       (unsigned)((vec[i]["svg:y"]->getDouble()-py)*2540));
++      sElement.sprintf("C%i %i %i %i %i %i", (int)((vec[i]["svg:x1"]->getDouble()-px)*2540),
++                       (int)((vec[i]["svg:y1"]->getDouble()-py)*2540), (int)((vec[i]["svg:x2"]->getDouble()-px)*2540),
++                       (int)((vec[i]["svg:y2"]->getDouble()-py)*2540), (int)((vec[i]["svg:x"]->getDouble()-px)*2540),
++                       (int)((vec[i]["svg:y"]->getDouble()-py)*2540));
+       path.append(sElement);
+     }
+     else if (vec[i]["librevenge:path-action"]->getStr() == "Q")
+     {
+-      sElement.sprintf("Q%i %i %i %i", (unsigned)((vec[i]["svg:x1"]->getDouble()-px)*2540),
+-                       (unsigned)((vec[i]["svg:y1"]->getDouble()-py)*2540), (unsigned)((vec[i]["svg:x"]->getDouble()-px)*2540),
+-                       (unsigned)((vec[i]["svg:y"]->getDouble()-py)*2540));
++      sElement.sprintf("Q%i %i %i %i", (int)((vec[i]["svg:x1"]->getDouble()-px)*2540),
++                       (int)((vec[i]["svg:y1"]->getDouble()-py)*2540), (int)((vec[i]["svg:x"]->getDouble()-px)*2540),
++                       (int)((vec[i]["svg:y"]->getDouble()-py)*2540));
+       path.append(sElement);
+     }
+     else if (vec[i]["librevenge:path-action"]->getStr() == "A")
+     {
+-      sElement.sprintf("A%i %i %i %i %i %i %i", (unsigned)((vec[i]["svg:rx"]->getDouble())*2540),
+-                       (unsigned)((vec[i]["svg:ry"]->getDouble())*2540), (vec[i]["librevenge:rotate"] ? vec[i]["librevenge:rotate"]->getInt() : 0),
++      sElement.sprintf("A%i %i %i %i %i %i %i", (int)((vec[i]["svg:rx"]->getDouble())*2540),
++                       (int)((vec[i]["svg:ry"]->getDouble())*2540), (vec[i]["librevenge:rotate"] ? vec[i]["librevenge:rotate"]->getInt() : 0),
+                        (vec[i]["librevenge:large-arc"] ? vec[i]["librevenge:large-arc"]->getInt() : 1),
+                        (vec[i]["librevenge:sweep"] ? vec[i]["librevenge:sweep"]->getInt() : 1),
+-                       (unsigned)((vec[i]["svg:x"]->getDouble()-px)*2540), (unsigned)((vec[i]["svg:y"]->getDouble()-py)*2540));
++                       (int)((vec[i]["svg:x"]->getDouble()-px)*2540), (int)((vec[i]["svg:y"]->getDouble()-py)*2540));
+       path.append(sElement);
+     }
+     else if (vec[i]["librevenge:path-action"]->getStr() == "Z")
author	Stephan Bergmann <sbergman@redhat.com>	2019-05-29 18:31:57 +0200
committer	Stephan Bergmann <sbergman@redhat.com>	2019-05-29 21:42:24 +0200
commit	4c707b78a705d6cc74061433cd01175283fabb2e (patch)
tree	9a0b2afe00a2fed581591c83b0825d39f00f50e6 /external
parent	c7ece07d2e1b478bf25a976618e9bc5e5bc1a144 (diff)