summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--ChangeLog10
-rw-r--r--src/truetype/ttinterp.c2
2 files changed, 11 insertions, 1 deletions
diff --git a/ChangeLog b/ChangeLog
index 522d084da..aaec6b1c6 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,15 @@
2021-06-19 Werner Lemberg <david@freetype.org>
+ [truetype] Fix integer overflow.
+
+ Reported as
+
+ https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35312
+
+ * src/truetype/ttinterp.c (Ins_JMPR): Use `ADD_LONG`.
+
+2021-06-19 Werner Lemberg <david@freetype.org>
+
[autofit] Prevent hinting if there are too many segments.
This speeds up handling of broken glyphs.
diff --git a/src/truetype/ttinterp.c b/src/truetype/ttinterp.c
index 6747f940d..96b48a003 100644
--- a/src/truetype/ttinterp.c
+++ b/src/truetype/ttinterp.c
@@ -3593,7 +3593,7 @@
return;
}
- exc->IP += args[0];
+ exc->IP = ADD_LONG( exc->IP, args[0] );
if ( exc->IP < 0 ||
( exc->callTop > 0 &&
exc->IP > exc->callStack[exc->callTop - 1].Def->end ) )
View Lorry Controller Status