summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorWerner Lemberg <wl@gnu.org>2018-04-16 10:39:10 +0200
committerWerner Lemberg <wl@gnu.org>2018-04-16 10:39:10 +0200
commit70ac167c47f5ca966fb578b1f215430f46915a49 (patch)
tree1522881f676199c75e09a35f371e3fdc4b71f2f3
parent939bbee1c007d307f80c538b2a09ee2632f16655 (diff)
downloadfreetype2-70ac167c47f5ca966fb578b1f215430f46915a49.tar.gz
[truetype] Integer overflow issues.
Reported as https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=7718 * src/truetype/ttinterp.c (Ins_MIRP): Use ADD_LONG.
Diffstat
-rw-r--r--ChangeLog14
-rw-r--r--src/truetype/ttinterp.c2
2 files changed, 13 insertions, 3 deletions
diff --git a/ChangeLog b/ChangeLog
index 0197dcb29..316256098 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,13 @@
+2018-04-16 Werner Lemberg <wl@gnu.org>
+
+ [truetype] Integer overflow issues.
+
+ Reported as
+
+ https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=7718
+
+ * src/truetype/ttinterp.c (Ins_MIRP): Use ADD_LONG.
+
2018-04-15 Alexei Podtelezhnikov <apodtele@gmail.com>
[build] Use `info' function of make 3.81.
@@ -46,7 +56,7 @@
2018-04-10 Nikolaus Waxweiler <madigens@gmail.com>
- * CMakeLists.txt, builds/cmake/FindHarfBuzz.cmake: Extensive
+ * CMakeLists.txt, builds/cmake/FindHarfBuzz.cmake: Extensive
modernization measures.
This brings up the minimum required CMake version to 2.8.12.
@@ -102,7 +112,7 @@
builds/windows/vc2008/freetype.vcproj,
builds/windows/visualce/freetype.vcproj,
builds/windows/visualce/freetype.dsp,
- builds/windows/visualc/freetype.vcproj,
+ builds/windows/visualc/freetype.vcproj,
builds/windows/visualc/freetype.dsp: Remove per-file compile flags.
2018-04-04 Werner Lemberg <wl@gnu.org>
diff --git a/src/truetype/ttinterp.c b/src/truetype/ttinterp.c
index c66c69929..336b46b42 100644
--- a/src/truetype/ttinterp.c
+++ b/src/truetype/ttinterp.c
@@ -6193,7 +6193,7 @@
minimum_distance = exc->GS.minimum_distance;
control_value_cutin = exc->GS.control_value_cutin;
point = (FT_UShort)args[0];
- cvtEntry = (FT_ULong)( args[1] + 1 );
+ cvtEntry = (FT_ULong)( ADD_LONG( args[1], 1 ) );
#ifdef TT_SUPPORT_SUBPIXEL_HINTING_INFINALITY
if ( SUBPIXEL_HINTING_INFINALITY &&
View Lorry Controller Status