[base, truetype] Silence UBSAN (cont'd).

* src/truetype/ttinterp.c (TT_MulFix14, TT_DotFix14): Use MUL_INT64. * include/freetype/internal/ftcalc.c (FT_MulFix): Ditto.
2025-04-18 11:24:00 +03:00 · 2025-04-15 18:49:36 +00:00 · 2025-04-15 18:49:36 +00:00 · ccabe7ac02
commit ccabe7ac02
parent dc55f4e6c1
2 changed files with 54 additions and 53 deletions
--- a/include/freetype/internal/ftcalc.h
+++ b/include/freetype/internal/ftcalc.h
@ -27,6 +27,56 @@
 FT_BEGIN_HEADER


+  /*
+   * The following macros have two purposes.
+   *
+   * - Tag places where overflow is expected and harmless.
+   *
+   * - Avoid run-time undefined behavior sanitizer errors.
+   *
+   * Use with care!
+   */
+#define ADD_INT( a, b )                           \
+          (FT_Int)( (FT_UInt)(a) + (FT_UInt)(b) )
+#define SUB_INT( a, b )                           \
+          (FT_Int)( (FT_UInt)(a) - (FT_UInt)(b) )
+#define MUL_INT( a, b )                           \
+          (FT_Int)( (FT_UInt)(a) * (FT_UInt)(b) )
+#define NEG_INT( a )                              \
+          (FT_Int)( (FT_UInt)0 - (FT_UInt)(a) )
+
+#define ADD_LONG( a, b )                             \
+          (FT_Long)( (FT_ULong)(a) + (FT_ULong)(b) )
+#define SUB_LONG( a, b )                             \
+          (FT_Long)( (FT_ULong)(a) - (FT_ULong)(b) )
+#define MUL_LONG( a, b )                             \
+          (FT_Long)( (FT_ULong)(a) * (FT_ULong)(b) )
+#define NEG_LONG( a )                                \
+          (FT_Long)( (FT_ULong)0 - (FT_ULong)(a) )
+
+#define ADD_INT32( a, b )                               \
+          (FT_Int32)( (FT_UInt32)(a) + (FT_UInt32)(b) )
+#define SUB_INT32( a, b )                               \
+          (FT_Int32)( (FT_UInt32)(a) - (FT_UInt32)(b) )
+#define MUL_INT32( a, b )                               \
+          (FT_Int32)( (FT_UInt32)(a) * (FT_UInt32)(b) )
+#define NEG_INT32( a )                                  \
+          (FT_Int32)( (FT_UInt32)0 - (FT_UInt32)(a) )
+
+#ifdef FT_INT64
+
+#define ADD_INT64( a, b )                               \
+          (FT_Int64)( (FT_UInt64)(a) + (FT_UInt64)(b) )
+#define SUB_INT64( a, b )                               \
+          (FT_Int64)( (FT_UInt64)(a) - (FT_UInt64)(b) )
+#define MUL_INT64( a, b )                               \
+          (FT_Int64)( (FT_UInt64)(a) * (FT_UInt64)(b) )
+#define NEG_INT64( a )                                  \
+          (FT_Int64)( (FT_UInt64)0 - (FT_UInt64)(a) )
+
+#endif /* FT_INT64 */
+
+
  /**************************************************************************
   *
   * FT_MulDiv() and FT_MulFix() are declared in freetype.h.
@ -41,7 +91,7 @@ FT_BEGIN_HEADER
  FT_MulFix_64( FT_Long  a,
                FT_Long  b )
  {
-    FT_Int64  ab = (FT_Int64)( (FT_UInt64)a * (FT_UInt64)b );
+    FT_Int64  ab = MUL_INT64( a, b );


    ab += 0x8000 + ( ab >> 63 );  /* rounding phase */
@ -449,55 +499,6 @@ FT_BEGIN_HEADER

 #define ROUND_F26DOT6( x )     ( ( (x) + 32 - ( x < 0 ) ) & -64 )

-  /*
-   * The following macros have two purposes.
-   *
-   * - Tag places where overflow is expected and harmless.
-   *
-   * - Avoid run-time sanitizer errors.
-   *
-   * Use with care!
-   */
-#define ADD_INT( a, b )                           \
-          (FT_Int)( (FT_UInt)(a) + (FT_UInt)(b) )
-#define SUB_INT( a, b )                           \
-          (FT_Int)( (FT_UInt)(a) - (FT_UInt)(b) )
-#define MUL_INT( a, b )                           \
-          (FT_Int)( (FT_UInt)(a) * (FT_UInt)(b) )
-#define NEG_INT( a )                              \
-          (FT_Int)( (FT_UInt)0 - (FT_UInt)(a) )
-
-#define ADD_LONG( a, b )                             \
-          (FT_Long)( (FT_ULong)(a) + (FT_ULong)(b) )
-#define SUB_LONG( a, b )                             \
-          (FT_Long)( (FT_ULong)(a) - (FT_ULong)(b) )
-#define MUL_LONG( a, b )                             \
-          (FT_Long)( (FT_ULong)(a) * (FT_ULong)(b) )
-#define NEG_LONG( a )                                \
-          (FT_Long)( (FT_ULong)0 - (FT_ULong)(a) )
-
-#define ADD_INT32( a, b )                               \
-          (FT_Int32)( (FT_UInt32)(a) + (FT_UInt32)(b) )
-#define SUB_INT32( a, b )                               \
-          (FT_Int32)( (FT_UInt32)(a) - (FT_UInt32)(b) )
-#define MUL_INT32( a, b )                               \
-          (FT_Int32)( (FT_UInt32)(a) * (FT_UInt32)(b) )
-#define NEG_INT32( a )                                  \
-          (FT_Int32)( (FT_UInt32)0 - (FT_UInt32)(a) )
-
-#ifdef FT_INT64
-
-#define ADD_INT64( a, b )                               \
-          (FT_Int64)( (FT_UInt64)(a) + (FT_UInt64)(b) )
-#define SUB_INT64( a, b )                               \
-          (FT_Int64)( (FT_UInt64)(a) - (FT_UInt64)(b) )
-#define MUL_INT64( a, b )                               \
-          (FT_Int64)( (FT_UInt64)(a) * (FT_UInt64)(b) )
-#define NEG_INT64( a )                                  \
-          (FT_Int64)( (FT_UInt64)0 - (FT_UInt64)(a) )
-
-#endif /* FT_INT64 */
-

 FT_END_HEADER

--- a/src/truetype/ttinterp.c
+++ b/src/truetype/ttinterp.c
@ -1168,7 +1168,7 @@
  TT_MulFix14_64( FT_F26Dot6  a,
                  FT_F2Dot14  b )
  {
-    FT_Int64  ab = (FT_Int64)( (FT_UInt64)a * (FT_UInt64)b );
+    FT_Int64  ab = MUL_INT64( a, b );


    ab += 0x2000 + ( ab >> 63 );  /* rounding phase */
@ -1329,8 +1329,8 @@
               FT_F2Dot14  bx,
               FT_F2Dot14  by )
  {
-    FT_Int64  temp1 = (FT_Int64)ax * bx;
-    FT_Int64  temp2 = (FT_Int64)ay * by;
+    FT_Int64  temp1 = MUL_INT64( ax, bx );
+    FT_Int64  temp2 = MUL_INT64( ay, by );


    temp1 += temp2;