From: Benjamin Gordon <bmgordon@chromium.org>
Date: Wed, 1 Feb 2023 17:01:42 +0000 (-0700)
Subject: Fix UB in cups_raster_read debug message
X-Git-Tag: v2.4.3~49^2
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=refs%2Fpull%2F607%2Fhead;p=thirdparty%2Fcups.git

Fix UB in cups_raster_read debug message

The first time `cups_raster_read` is called, both `r->bufptr` and
`r->buffer` are NULL.  The calculation here then ends up looking like
adding a size_t to a NULL pointer, which triggers the ubsan detector.
Since we just want an offset, cast the pointer difference to ssize_t
like the code already does a few lines below.
---

diff --git a/cups/raster-stream.c b/cups/raster-stream.c
index c51869e4fc..aea71b0338 100644
--- a/cups/raster-stream.c
+++ b/cups/raster-stream.c
@@ -1409,7 +1409,7 @@ cups_raster_read(cups_raster_t *r,	/* I - Raster stream */
 		total;			/* Total bytes read */
 
 
-  DEBUG_printf(("4cups_raster_read(r=%p, buf=%p, bytes=" CUPS_LLFMT "), offset=" CUPS_LLFMT, (void *)r, (void *)buf, CUPS_LLCAST bytes, CUPS_LLCAST (r->iostart + r->bufptr - r->buffer)));
+  DEBUG_printf(("4cups_raster_read(r=%p, buf=%p, bytes=" CUPS_LLFMT "), offset=" CUPS_LLFMT, (void *)r, (void *)buf, CUPS_LLCAST bytes, CUPS_LLCAST (r->iostart + (ssize_t)(r->bufptr - r->buffer))));
 
   if (!r->compressed)
     return (cups_raster_io(r, buf, bytes));