Fix function pointer mix up in LCMS Add an adapter to handle a case where the caller has a _cmsPipelineEval16Fn function pointer, but the callee's signature is _cmsInterpFn16. Bug: chromium:1448746 Change-Id: Ida85c3bff7f38c27b69da164df8999eadee7d0b9 Reviewed-on: https://pdfium-review.googlesource.com/c/pdfium/+/108130 Reviewed-by: Tom Sepez <tsepez@chromium.org> Commit-Queue: Lei Zhang <thestig@chromium.org>
diff --git a/third_party/lcms/0035-func-ptr-mixup.patch b/third_party/lcms/0035-func-ptr-mixup.patch new file mode 100644 index 0000000..8232e21 --- /dev/null +++ b/third_party/lcms/0035-func-ptr-mixup.patch
@@ -0,0 +1,29 @@ +diff --git a/third_party/lcms/src/cmsopt.c b/third_party/lcms/src/cmsopt.c +index e3212fb4d..a5475709b 100644 +--- a/third_party/lcms/src/cmsopt.c ++++ b/third_party/lcms/src/cmsopt.c +@@ -100,6 +100,15 @@ typedef struct { + + } Curves16Data; + ++// A simple adapter to prevent _cmsPipelineEval16Fn vs. _cmsInterpFn16 ++// confusion, which trips up UBSAN. ++static ++void Lerp16Adapter(CMSREGISTER const cmsUInt16Number in[], ++ CMSREGISTER cmsUInt16Number out[], ++ const void* data) { ++ cmsInterpParams* params = (cmsInterpParams*)data; ++ params->Interpolation.Lerp16(in, out, params); ++} + + // Simple optimizations ---------------------------------------------------------------------------------------------------------- + +@@ -805,7 +814,7 @@ Error: + + if (DataSetIn == NULL && DataSetOut == NULL) { + +- _cmsPipelineSetOptimizationParameters(Dest, (_cmsPipelineEval16Fn) DataCLUT->Params->Interpolation.Lerp16, DataCLUT->Params, NULL, NULL); ++ _cmsPipelineSetOptimizationParameters(Dest, Lerp16Adapter, DataCLUT->Params, NULL, NULL); + } + else { +
diff --git a/third_party/lcms/README.pdfium b/third_party/lcms/README.pdfium index b71c6f2..335bdca 100644 --- a/third_party/lcms/README.pdfium +++ b/third_party/lcms/README.pdfium
@@ -20,3 +20,4 @@ 0030-const-data.patch: Mark many data structures as const. 0033-opt-integer-overflow.patch: Protect against integer overflow. 0034-dead-code.patch: Remove dead code. +0035-func-ptr-mixup.patch: Prevent mixing up function pointer types.
diff --git a/third_party/lcms/src/cmsopt.c b/third_party/lcms/src/cmsopt.c index e3212fb..a547570 100644 --- a/third_party/lcms/src/cmsopt.c +++ b/third_party/lcms/src/cmsopt.c
@@ -100,6 +100,15 @@ } Curves16Data; +// A simple adapter to prevent _cmsPipelineEval16Fn vs. _cmsInterpFn16 +// confusion, which trips up UBSAN. +static +void Lerp16Adapter(CMSREGISTER const cmsUInt16Number in[], + CMSREGISTER cmsUInt16Number out[], + const void* data) { + cmsInterpParams* params = (cmsInterpParams*)data; + params->Interpolation.Lerp16(in, out, params); +} // Simple optimizations ---------------------------------------------------------------------------------------------------------- @@ -805,7 +814,7 @@ if (DataSetIn == NULL && DataSetOut == NULL) { - _cmsPipelineSetOptimizationParameters(Dest, (_cmsPipelineEval16Fn) DataCLUT->Params->Interpolation.Lerp16, DataCLUT->Params, NULL, NULL); + _cmsPipelineSetOptimizationParameters(Dest, Lerp16Adapter, DataCLUT->Params, NULL, NULL); } else {