author | Werner Lemberg <wl@gnu.org> | 2018-04-14 07:20:31 +0200 |
---|---|---|
committer | Werner Lemberg <wl@gnu.org> | 2018-04-14 07:20:31 +0200 |
commit | 827ca3bcf25b9e4dc2edf31381c0774e1d227285 (patch) | |
tree | 8370210d78c4b0f6e292c92f8c62888aabc8118c | |
parent | 576670b7794da946f35b247b314a61406c635cad (diff) | |
download | freetype2-827ca3bcf25b9e4dc2edf31381c0774e1d227285.tar.gz |
[truetype] Integer overflow issues.
Reported as
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=7652
* src/truetype/ttinterp.c (Ins_MDAP): Use SUB_LONG.
-rw-r--r-- | ChangeLog | 10 | ||||
-rw-r--r-- | src/truetype/ttinterp.c | 18 |
2 files changed, 20 insertions, 8 deletions
@@ -1,5 +1,15 @@ 2018-04-14 Werner Lemberg <wl@gnu.org> + [truetype] Integer overflow issues. + + Reported as + + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=7652 + + * src/truetype/ttinterp.c (Ins_MDAP): Use SUB_LONG. + +2018-04-14 Werner Lemberg <wl@gnu.org> + [autofit] Update to Unicode 11.0.0. But no support new scripts (volunteers welcomed). diff --git a/src/truetype/ttinterp.c b/src/truetype/ttinterp.c index 6a5b82314..d9865d4af 100644 --- a/src/truetype/ttinterp.c +++ b/src/truetype/ttinterp.c @@ -5874,16 +5874,18 @@ if ( SUBPIXEL_HINTING_INFINALITY && exc->ignore_x_mode && exc->GS.freeVector.x != 0 ) - distance = Round_None( - exc, - cur_dist, - exc->tt_metrics.compensations[0] ) - cur_dist; + distance = SUB_LONG( + Round_None( exc, + cur_dist, + exc->tt_metrics.compensations[0] ), + cur_dist ); else #endif - distance = exc->func_round( - exc, - cur_dist, - exc->tt_metrics.compensations[0] ) - cur_dist; + distance = SUB_LONG( + exc->func_round( exc, + cur_dist, + exc->tt_metrics.compensations[0] ), + cur_dist ); } else distance = 0; |
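Review bot: Both `SUB_LONG(...)` assignments to `distance` in the ttinterp.c hunk now wrap on overflow instead of invoking undefined behaviour, but the wrapped value is still used as a real distance, with no range check visible in the hunk. The operands are presumably derived from font-supplied point data and bytecode (the report came from OSS-Fuzz), so a crafted font can still drive `distance` to an arbitrary value. The consumer of `distance` lies outside the hunk, so it is worth confirming that it tolerates the full `FT_Long` range. At minimum I would add a comment above the first assignment, e.g. `/* operands are font-controlled; SUB_LONG wraps rather than overflowing (UB) */`, so the macro is not later simplified back to a plain `-`. Ins_MDAP's body starts and ends outside the hunk.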