Commit
Fix AddressSanitizer: global-buffer-overflow
==10627==ERROR: AddressSanitizer: global-buffer-overflow on address 0x00010e2239c1 at pc 0x000111258c3d bp 0x7ffee286c210 sp 0x7ffee286b988
WRITE of size 4 at 0x00010e2239c1 thread T0
    #0 0x111258c3c in scanf_common(void*, int, bool, char const*, __va_list_tag*) (libclang_rt.asan_osx_dynamic.dylib:x86_64h+0x27c3c)
    #1 0x111258d6d in wrap_vsscanf (libclang_rt.asan_osx_dynamic.dylib:x86_64h+0x27d6d)
    #2 0x11125902c in wrap_sscanf (libclang_rt.asan_osx_dynamic.dylib:x86_64h+0x2802c)
    #3 0x10de70b21 in PrefsUI_LoadPrefs prefs.c:1230
    #4 0x10e02e0ce in fontforge_main startui.c:1109
    #5 0x10d654b11 in main main.c:33
    #6 0x7fff62d7b3d4 in start (libdyld.dylib:x86_64+0x163d4)
0x00010e2239c1 is located 63 bytes to the left of global variable 'fvhintingneededcol' defined in '../fontforgeexe/fontview.c:123:14' (0x10e223a00) of size 4
0x00010e2239c1 is located 0 bytes to the right of global variable 'warn_script_unsaved' defined in '../fontforgeexe/fontview.c:83:6' (0x10e2239c0) of size 1
SUMMARY: AddressSanitizer: global-buffer-overflow (libclang_rt.asan_osx_dynamic.dylib:x86_64h+0x27c3c) in scanf_common(void*, int, bool, char const*, __va_list_tag*)

warn_script_unsaved is declared as bool, but prefs.c:1230 casts its pointer to int *, leading to the issue above. Prefs of type pr_bool should be int as well; FontForge is pre-C99 and does not know bool.
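The width mismatch the commit message describes can also be guarded at load time. The sketch below is an added example, not FontForge's code and not the change this commit makes: the `pref` struct, the `PREF` macro, `load_bool_pref`, `guard_damage` and the variables are hypothetical, and the guard bytes are constructed to stand in for whatever global sits next to the flag.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical pref-table entry: besides the usual void *, it records the
   target variable's real width, captured with sizeof at registration. */
struct pref { const char *name; void *val; size_t size; };
#define PREF(var) { #var, &(var), sizeof(var) }

/* Constructed stand-ins for the globals; guard plays the adjacent data. */
static struct { bool warn_flag; unsigned char guard[7]; } g =
    { false, { 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA } };
static int int_flag;
static struct pref prefs[] = { PREF(g.warn_flag), PREF(int_flag) };

/* Parse into a local int, then store through the variable's own type instead
   of handing sscanf an (int *) cast of the target.
   Returns 0 on success, -1 on a malformed value or unsupported width. */
static int load_bool_pref(const struct pref *p, const char *text)
{
    int v;
    if (sscanf(text, "%d", &v) != 1)
        return -1;
    if (p->size == sizeof(int))
        *(int *)p->val = (v != 0);
    else if (p->size == sizeof(bool))
        *(bool *)p->val = (v != 0);
    else
        return -1;
    return 0;
}

/* Number of guard bytes that no longer hold 0xAA. */
static int guard_damage(void)
{
    int n = 0;
    for (size_t i = 0; i < sizeof g.guard; i++)
        n += (g.guard[i] != 0xAA);
    return n;
}

int main(void)
{
    int rc = load_bool_pref(&prefs[0], "1");
    printf("%s: rc=%d value=%d guard bytes damaged=%d\n",
           prefs[0].name, rc, g.warn_flag, guard_damage());
    return 0;
}
```

Building with `-fsanitize=address` and loading a preferences file exercises the same path that produced the report above.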