author | Werner Lemberg <wl@gnu.org> | 2021-06-19 07:03:40 +0200 |
---|---|---|
committer | Werner Lemberg <wl@gnu.org> | 2021-06-19 07:03:40 +0200 |
commit | b460a50610320c425292518cb5f6341af234e2f9 (patch) | |
tree | 977199f3058ab330d76824b30f62cbb5bae3f14c /src/truetype/ttinterp.c | |
parent | 232243e7495d142f30d4e024f30eda9ca8655154 (diff) | |
download | freetype2-b460a50610320c425292518cb5f6341af234e2f9.tar.gz |
[truetype] Fix integer overflow.
Reported as
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35312
* src/truetype/ttinterp.c (Ins_JMPR): Use `ADD_LONG`.
Diffstat (limited to 'src/truetype/ttinterp.c')
-rw-r--r-- | src/truetype/ttinterp.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/truetype/ttinterp.c b/src/truetype/ttinterp.c index 6747f940d..96b48a003 100644 --- a/src/truetype/ttinterp.c +++ b/src/truetype/ttinterp.c @@ -3593,7 +3593,7 @@ return; } - exc->IP += args[0]; + exc->IP = ADD_LONG( exc->IP, args[0] ); if ( exc->IP < 0 || ( exc->callTop > 0 && exc->IP > exc->callStack[exc->callTop - 1].Def->end ) ) |
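Review bot: the new `exc->IP = ADD_LONG( exc->IP, args[0] );` line in `Ins_JMPR` relies on the range check directly below it to reject a wrapped result, and nothing in the hunk documents that dependency. Assuming `ADD_LONG` wraps rather than saturates (its definition is not part of this diff), an overflowing positive offset lands on a negative `exc->IP` and is caught by `exc->IP < 0`. A one-line comment above the assignment would keep a later refactor from separating the addition from the check. Also worth confirming while here: in the visible condition the upper bound against `exc->callStack[exc->callTop - 1].Def->end` is applied only when `exc->callTop > 0`, so for a jump at the top level the hunk shows no upper limit on `exc->IP`. If that case is bounded elsewhere, a short note saying where would help the reader. An alternative that avoids depending on wrap behaviour is to validate `args[0]` against the allowed range before adding it.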