From 0f1685dffea82b87025c1ca7976efb8723525728 Mon Sep 17 00:00:00 2001
From: Eike Rathke
Date: Thu, 10 Jun 2021 22:01:19 +0200
Subject: [PATCH] Add Coverity Scan fixes patch

---
 covscan.patch | 164 ++++++++++++++++++++++++++++++++++++++++++++++++++
 woff2.spec | 10 ++-
 2 files changed, 172 insertions(+), 2 deletions(-)
 create mode 100644 covscan.patch

diff --git a/covscan.patch b/covscan.patch
new file mode 100644
index 0000000..41b7e1f
--- /dev/null
+++ b/covscan.patch
@@ -0,0 +1,164 @@
+diff --git a/src/font.cc b/src/font.cc
+index a45153e..0e9f5bf 100644
+--- a/src/font.cc
++++ b/src/font.cc
+@@ -66,7 +66,7 @@ bool ReadTrueTypeFont(Buffer* file, const uint8_t* data, size_t len,
+
+ std::map intervals;
+ for (uint16_t i = 0; i < font->num_tables; ++i) {
+- Font::Table table;
++ Font::Table table = {};
+ table.flag_byte = 0;
+ table.reuse_of = NULL;
+ if (!file->ReadU32(&table.tag) ||
+@@ -326,7 +326,7 @@ int NumGlyphs(const Font& font) {
+ return 0;
+ }
+ int index_fmt = IndexFormat(font);
+- int loca_record_size = (index_fmt == 0 ? 2 : 4);
++ uint32_t loca_record_size = (index_fmt == 0 ? 2 : 4);
+ if (loca_table->length < loca_record_size) {
+ return 0;
+ }
+diff --git a/src/glyph.h b/src/glyph.h
+index f24056f..e870188 100644
+--- a/src/glyph.h
++++ b/src/glyph.h
+@@ -22,17 +22,17 @@ namespace woff2 {
+ // is around.
+ class Glyph {
+ public:
+- Glyph() : instructions_size(0), composite_data_size(0) {}
++ Glyph() {}
+
+ // Bounding box.
+- int16_t x_min;
+- int16_t x_max;
+- int16_t y_min;
+- int16_t y_max;
++ int16_t x_min = 0;
++ int16_t x_max = 0;
++ int16_t y_min = 0;
++ int16_t y_max = 0;
+
+ // Instructions.
+- uint16_t instructions_size;
+- const uint8_t* instructions_data;
++ uint16_t instructions_size = 0;
++ const uint8_t* instructions_data = 0;
+
+ // Data model for simple glyphs.
+ struct Point {
+@@ -43,9 +43,9 @@ class Glyph {
+ std::vector > contours;
+
+ // Data for composite glyphs.
+- const uint8_t* composite_data;
+- uint32_t composite_data_size;
+- bool have_instructions;
++ const uint8_t* composite_data = 0;
++ uint32_t composite_data_size = 0;
++ bool have_instructions = false;
+ };
+
+ // Parses the glyph from the given data. Returns false on parsing failure or
+diff --git a/src/normalize.cc b/src/normalize.cc
+index 6685e08..a819074 100644
+--- a/src/normalize.cc
++++ b/src/normalize.cc
+@@ -97,7 +97,7 @@ bool MakeEditableBuffer(Font* font, int tableTag) {
+ table->buffer.resize(sz);
+ uint8_t* buf = &table->buffer[0];
+ memcpy(buf, table->data, table->length);
+- if (PREDICT_FALSE(sz > table->length)) {
++ if (PREDICT_FALSE(static_cast(sz) > table->length)) {
+ memset(buf + table->length, 0, sz - table->length);
+ }
+ table->data = buf;
+@@ -213,7 +213,6 @@ bool FixChecksums(Font* font) {
+ size_t offset = 8;
+ StoreU32(0, &offset, head_buf);
+ uint32_t file_checksum = 0;
+- uint32_t head_checksum = 0;
+ for (auto& i : font->tables) {
+ Font::Table* table = &i.second;
+ if (table->IsReused()) {
+@@ -221,10 +220,6 @@ bool FixChecksums(Font* font) {
+ }
+ table->checksum = ComputeULongSum(table->data, table->length);
+ file_checksum += table->checksum;
+-
+- if (table->tag == kHeadTableTag) {
+- head_checksum = table->checksum;
+- }
+ }
+
+ file_checksum += ComputeHeaderChecksum(*font);
+diff --git a/src/woff2_dec.cc b/src/woff2_dec.cc
+index 25e18c6..442baa5 100644
+--- a/src/woff2_dec.cc
++++ b/src/woff2_dec.cc
+@@ -316,7 +316,7 @@ void ComputeBbox(unsigned int n_points, const Point* points, uint8_t* dst) {
+ offset = Store16(dst, offset, x_min);
+ offset = Store16(dst, offset, y_min);
+ offset = Store16(dst, offset, x_max);
+- offset = Store16(dst, offset, y_max);
++ Store16(dst, offset, y_max);
+ }
+
+
+diff --git a/src/woff2_enc.cc b/src/woff2_enc.cc
+index ec00878..c0598f8 100644
+--- a/src/woff2_enc.cc
++++ b/src/woff2_enc.cc
+@@ -331,20 +331,17 @@ bool ConvertTTFToWOFF2(const uint8_t *data, size_t length,
+ return false;
+ }
+
+- Table table;
++ Table table = {};
+ table.tag = src_table.tag;
+ table.flags = src_table.flag_byte;
+ table.src_length = src_table.length;
+ table.transform_length = src_table.length;
+- const uint8_t* transformed_data = src_table.data;
+ const Font::Table* transformed_table =
+ font.FindTable(src_table.tag ^ 0x80808080);
+ if (transformed_table != NULL) {
+ table.flags = transformed_table->flag_byte;
+ table.flags |= kWoff2FlagsTransform;
+ table.transform_length = transformed_table->length;
+- transformed_data = transformed_table->data;
+-
+ }
+ tables.push_back(table);
+ }
+@@ -423,8 +420,6 @@ bool ConvertTTFToWOFF2(const uint8_t *data, size_t length,
+ // for reused tables, only the original has an updated offset
+ uint32_t table_offset =
+ table.IsReused() ? table.reuse_of->offset : table.offset;
+- uint32_t table_length =
+- table.IsReused() ? table.reuse_of->length : table.length;
+ std::pair tag_offset(table.tag, table_offset);
+ if (index_by_tag_offset.find(tag_offset) == index_by_tag_offset.end()) {
+ #ifdef FONT_COMPRESSION_BIN
+diff --git a/src/woff2_info.cc b/src/woff2_info.cc
+index 2b51adc..8ec9d36 100644
+--- a/src/woff2_info.cc
++++ b/src/woff2_info.cc
+@@ -122,13 +122,13 @@ int main(int argc, char **argv) {
+ if (!woff2::Read255UShort(&file, &numFonts)) return 1;
+ printf("CollectionHeader 0x%08x %d fonts\n", version, numFonts);
+
+- for (auto i = 0; i < numFonts; i++) {
++ for (auto i = 0u; i < numFonts; i++) {
+ uint32_t numTables, flavor;
+ if (!woff2::Read255UShort(&file, &numTables)) return 1;
+ if (!file.ReadU32(&flavor)) return 1;
+ printf("CollectionFontEntry %d flavor 0x%08x %d tables\n", i, flavor,
+ numTables);
+- for (auto j = 0; j < numTables; j++) {
++ for (auto j = 0u; j < numTables; j++) {
+ uint32_t table_idx;
+ if (!woff2::Read255UShort(&file, &table_idx)) return 1;
+ if (table_idx >= table_tags.size()) return 1;
diff --git a/woff2.spec b/woff2.spec
index a3f3120..8b0c621 100644
--- a/woff2.spec
+++ b/woff2.spec
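Review bot: The cast added in MakeEditableBuffer (src/normalize.cc) silences the comparison warning without fixing the type of `sz`: `table->buffer.resize(sz)` above it and `sz - table->length` in the memset below still use the original value. `sz` is declared outside the hunk, so this is inferred, but if it is a signed value computed from the font's table length, a length read from an untrusted file could wrap it, and the cast would then compare a wrapped value instead of rejecting the table. Giving `sz` the same unsigned type as `table->length` at its declaration and adding a guard such as `if (sz < table->length) return false;` before the resize would fix the cause rather than the warning. Separately, in src/woff2_info.cc `i` becomes unsigned through `0u` but is still passed to `%d` in the CollectionFontEntry printf; `printf("CollectionFontEntry %u flavor 0x%08x %u tables\n", i, flavor, numTables);` would match the argument types.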
@@ -2,13 +2,16 @@
 
 Name: woff2
 Version: 1.0.2
-Release: 11%{?dist}
+Release: 12%{?dist}
 Summary: Web Open Font Format 2.0 library
 
 License: MIT
 URL: https://github.com/google/woff2
 Source0: https://github.com/google/woff2/archive/v%{version}/%{name}-%{version}.tar.gz
 
+# https://github.com/google/woff2/pull/121
+Patch0: covscan.patch
+
 BuildRequires: cmake
 BuildRequires: gcc-c++
 BuildRequires: brotli-devel >= 1.0
@@ -35,7 +38,7 @@ Requires: %{name}%{?_isa} = %{version}-%{release}
 Development files and utils for %{name}
 
 %prep
-%autosetup -n %{name}-%{version}
+%autosetup -p1 -n %{name}-%{version}
 
 %build
 %cmake \
@@ -75,6 +78,9 @@ cd -
 %{_libdir}/pkgconfig/libwoff2enc.pc
 
 %changelog
+* Thu Jun 10 2021 Eike Rathke - 1.0.2-12
+- Add Coverity Scan fixes patch
+
 * Mon Apr 19 2021 Eike Rathke - 1.0.2-11
 - Get rid of all things RPATH