diff options
author | Werner Lemberg <wl@gnu.org> | 2017-06-03 06:13:10 +0200 |
---|---|---|
committer | Werner Lemberg <wl@gnu.org> | 2017-06-03 06:13:10 +0200 |
commit | c5a225413ffd6f3e032cede5a14d64a2c2c047a2 (patch) | |
tree | d0fb376a14b89e89b00e60aa9b7b0e4398a7380b | |
parent | 0716c6ab7a1c43ba88192498d23e84178e216820 (diff) | |
download | freetype2-c5a225413ffd6f3e032cede5a14d64a2c2c047a2.tar.gz |
ftcalc.h: Avoid left-shift of negative numbers.
Reported as
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2055
* include/freetype/internal/ftcalc.h (INT_TO_F26DOT6,
INT_TO_F2DOT14, INT_TO_FIXED, F2DOT14_TO_FIXED): Use multiplication.
-rw-r--r-- | ChangeLog | 11 | ||||
-rw-r--r-- | include/freetype/internal/ftcalc.h | 8 |
2 files changed, 15 insertions, 4 deletions
@@ -1,3 +1,14 @@ +2017-06-03 Werner Lemberg <wl@gnu.org> + + ftcalc.h: Avoid left-shift of negative numbers. + + Reported as + + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2055 + + * include/freetype/internal/ftcalc.h (INT_TO_F26DOT6, + INT_TO_F2DOT14, INT_TO_FIXED, F2DOT14_TO_FIXED): Use multiplication. + 2017-06-02 Werner Lemberg <wl@gnu.org> [cff] Even more integer overflows. diff --git a/include/freetype/internal/ftcalc.h b/include/freetype/internal/ftcalc.h index 2b040feea..5902e190e 100644 --- a/include/freetype/internal/ftcalc.h +++ b/include/freetype/internal/ftcalc.h @@ -399,10 +399,10 @@ FT_BEGIN_HEADER #endif /* 0 */ -#define INT_TO_F26DOT6( x ) ( (FT_Long)(x) << 6 ) -#define INT_TO_F2DOT14( x ) ( (FT_Long)(x) << 14 ) -#define INT_TO_FIXED( x ) ( (FT_Long)(x) << 16 ) -#define F2DOT14_TO_FIXED( x ) ( (FT_Long)(x) << 2 ) +#define INT_TO_F26DOT6( x ) ( (FT_Long)(x) * 64 ) /* << 6 */ +#define INT_TO_F2DOT14( x ) ( (FT_Long)(x) * 16384 ) /* << 14 */ +#define INT_TO_FIXED( x ) ( (FT_Long)(x) * 65536 ) /* << 16 */ +#define F2DOT14_TO_FIXED( x ) ( (FT_Long)(x) * 4 ) /* << 2 */ #define FIXED_TO_INT( x ) ( FT_RoundFix( x ) >> 16 ) #define ROUND_F26DOT6( x ) ( x >= 0 ? ( ( (x) + 32 ) & -64 ) \ |