diff options
author | Werner Lemberg <wl@gnu.org> | 2020-06-19 08:18:26 +0200 |
---|---|---|
committer | Werner Lemberg <wl@gnu.org> | 2020-06-19 08:18:26 +0200 |
commit | d1180b5f9598088ab1bc9d772e5e09ece0702a38 (patch) | |
tree | 564742922575eb9522202d2e35f35f567afb28dc | |
parent | 4d364b68215f1380b66164f3f0e4bdadc154d08f (diff) | |
download | freetype2-d1180b5f9598088ab1bc9d772e5e09ece0702a38.tar.gz |
[base] Fix UBSAN error.
Reported as
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=23166
* src/base/ftoutln.c (FT_Outline_Get_Orientation): Avoid values
larger than 32 bits.
-rw-r--r-- | ChangeLog | 11 | ||||
-rw-r--r-- | src/base/ftoutln.c | 7 |
2 files changed, 18 insertions, 0 deletions
@@ -1,5 +1,16 @@ 2020-06-19 Werner Lemberg <wl@gnu.org> + [base] Fix UBSAN error. + + Reported as + + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=23166 + + * src/base/ftoutln.c (FT_Outline_Get_Orientation): Avoid values + larger than 32 bits. + +2020-06-19 Werner Lemberg <wl@gnu.org> + [woff2] Fix segfault. Reported as diff --git a/src/base/ftoutln.c b/src/base/ftoutln.c index 9935e058b..6009bc314 100644 --- a/src/base/ftoutln.c +++ b/src/base/ftoutln.c @@ -1060,6 +1060,13 @@ if ( cbox.xMin == cbox.xMax || cbox.yMin == cbox.yMax ) return FT_ORIENTATION_NONE; + /* Reject values larger than 32bit. */ + if ( (unsigned long)cbox.xMin > 0xFFFFFFFFUL || + (unsigned long)cbox.xMax > 0xFFFFFFFFUL || + (unsigned long)cbox.yMin > 0xFFFFFFFFUL || + (unsigned long)cbox.yMax > 0xFFFFFFFFUL ) + return FT_ORIENTATION_NONE; + xshift = FT_MSB( (FT_UInt32)( FT_ABS( cbox.xMax ) | FT_ABS( cbox.xMin ) ) ) - 14; xshift = FT_MAX( xshift, 0 ); |