Avoid overflowing conversion from double to sal_Int32

Desktop / LibreOffice - Stephan Bergmann [redhat.com] - 23 July 2019 14:26 EDT

...by clamping the value to the sal_Int32 range. An alternative would be to instead print nAdjustment as a real value (which the PDF standard apparently supports, without giving limits to such real values), as had been implemented at , but that was deemed unnecessarily complex, as no sane document should require nAdjustment values outside the sal_Int32 range.

`--convert-to pdf caolan/drawinglayer_emfphelperdata_heap_use_after_free.sample` (from the crashtestdata files) has cases where

double fAdvance = aThisPos.X() - aPrevPos.X();

gets rather large (whether or not that's faithful to the input document, or a consequence of an earlier import error), so failed with

> vcl/source/gdi/pdfwriter_impl.cxx:6078:66: runtime error: -5.83192e+09 is outside the range of representable values of type 'int' > #0 in vcl::PDFWriterImpl::drawHorizontalGlyphs(std::__debug::vector > const&, rtl::OStringBuffer&, Point const&, bool, double, double, double, int, int) at vcl/source/gdi/pdfwriter_impl.cxx:6078:66 > #1 in vcl::PDFWriterImpl::drawLayout(SalLayout&, rtl::OUString const&, bool) at vcl/source/gdi/pdfwriter_impl.cxx:6404:17 > #2 in vcl::PDFWriterImpl::drawTextArray(Point const&, rtl::OUString const&, long const*, int, int) at vcl/source/gdi/pdfwriter_impl.cxx:6621:9 > #3 in vcl::PDFWriter::DrawTextArray(Point const&, rtl::OUString const&, long const*, int, int) at vcl/source/gdi/pdfwriter.cxx:87:22 > #4 in vcl::PDFWriterImpl::playMetafile(GDIMetaFile const&, vcl::PDFExtOutDevData*, vcl::PDFWriter::PlayMetafileContext const&, VirtualDevice*) at vcl/source/gdi/pdfwriter_impl2.cxx:878:34 [...]

In the original compuation of sal_Int32 nAdjustment, the "+ 0.5" was presumably intended to round to the nearest integer, even though it would have rounded towards zero for negative values (as conversion to integer truncates). So use std::round to always round to the nearest integer, including for negative
values.

Change-Id: Ie3ddbb66421f47417c6d9ae096f2207a29aca4a4 Reviewed-on: https://gerrit.libreoffice.org/74543

04b7fdb56773 Avoid overflowing conversion from double to sal_Int32
vcl/source/gdi/pdfwriter_impl.cxx | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)

Upstream: cgit.freedesktop.org


  • Share