From 2119b86db25fac3165c562f9d40e5874de824c80 Mon Sep 17 00:00:00 2001
From: Marc Mutz <marc.mutz@kdab.com>
Date: Mon, 7 Mar 2016 16:29:31 +0100
Subject: QRawFont: fix UB in supportedWritingSystems()

Found by UBSan:

  src/gui/text/qrawfont.cpp:647:55: runtime error: load of misaligned address 0x000001eeed26 for type 'quint32', which requires 4 byte alignment
  src/gui/text/qrawfont.cpp:648:50: runtime error: load of misaligned address 0x000001eeed02 for type 'quint32', which requires 4 byte alignment

Fix by using the qFromBigEndian() overload that can read from
unaligned memory.

While touching the code, also disentangle the two loops so that
operations are now performed in memory order instead of inter-
leaved, use less magic numbers, and avoid a QByteArray detach.

Change-Id: I26fa39726f6fa2e957b60863fa160280cf1dc9ac
Reviewed-by: Eskil Abrahamsen Blomfeldt <eskil.abrahamsen-blomfeldt@theqtcompany.com>
Reviewed-by: Konstantin Ritt <ritt.ks@gmail.com>
---
 src/gui/text/qrawfont.cpp | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/src/gui/text/qrawfont.cpp b/src/gui/text/qrawfont.cpp
index 59f13581dd..5d4044b096 100644
--- a/src/gui/text/qrawfont.cpp
+++ b/src/gui/text/qrawfont.cpp
@@ -627,18 +627,18 @@ QList<QFontDatabase::WritingSystem> QRawFont::supportedWritingSystems() const
     if (d->isValid()) {
         QByteArray os2Table = fontTable("OS/2");
         if (os2Table.size() > 86) {
-            char *data = os2Table.data();
-            quint32 *bigEndianUnicodeRanges = reinterpret_cast<quint32 *>(data + 42);
-            quint32 *bigEndianCodepageRanges = reinterpret_cast<quint32 *>(data + 78);
+            const uchar * const data = reinterpret_cast<const uchar *>(os2Table.constData());
+            const uchar * const bigEndianUnicodeRanges  = data + 42;
+            const uchar * const bigEndianCodepageRanges = data + 78;
 
             quint32 unicodeRanges[4];
             quint32 codepageRanges[2];
 
-            for (int i=0; i<4; ++i) {
-                if (i < 2)
-                    codepageRanges[i] = qFromBigEndian(bigEndianCodepageRanges[i]);
-                unicodeRanges[i] = qFromBigEndian(bigEndianUnicodeRanges[i]);
-            }
+            for (size_t i = 0; i < sizeof unicodeRanges / sizeof *unicodeRanges; ++i)
+                unicodeRanges[i] = qFromBigEndian<quint32>(bigEndianUnicodeRanges + i * sizeof(quint32));
+
+            for (size_t i = 0; i < sizeof codepageRanges / sizeof *codepageRanges; ++i)
+                codepageRanges[i] = qFromBigEndian<quint32>(bigEndianCodepageRanges + i * sizeof(quint32));
 
             QSupportedWritingSystems ws = QPlatformFontDatabase::writingSystemsFromTrueTypeBits(unicodeRanges, codepageRanges);
             for (int i = 0; i < QFontDatabase::WritingSystemsCount; ++i) {
-- 
cgit v1.2.3