shithub: freetype+ttf2subf

ref: 6b660f12151c7f333f8be6d84df916db210d3742
parent: 83fc524dfc93bfabee681ea2484b93ad1f66ca15
author: Werner Lemberg <[email protected]>
date: Tue Oct 2 12:48:59 EDT 2018

[psaux] Fix numeric overflow.

Reported as

  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10768

* src/psaux/cffdecode.c (cff_decoder_parse_charstrings) <cff_op_roll>
[CFF_CONFIG_OPTION_OLD_ENGINE]: Use NEG_INT.

--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,16 @@
 2018-10-02  Werner Lemberg  <[email protected]>
 
+	[psaux] Fix numeric overflow.
+
+	Reported as
+
+	  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10768
+
+	* src/psaux/cffdecode.c (cff_decoder_parse_charstrings) <cff_op_roll>
+	[CFF_CONFIG_OPTION_OLD_ENGINE]: Use NEG_INT.
+
+2018-10-02  Werner Lemberg  <[email protected]>
+
 	[pshinter] Handle numeric overflow.
 
 	Reported as
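Review bot: the new ChangeLog entry names the macro ("Use NEG_INT") but not the expression that overflowed, so a reader has to open the source diff to learn that it was the negation of `idx` in the `cff_op_roll` case. Consider adding a short clause to the entry saying the negation of the roll index could overflow for the most negative value.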
--- a/src/psaux/cffdecode.c
+++ b/src/psaux/cffdecode.c
@@ -1839,7 +1839,7 @@
               /* before C99 it is implementation-defined whether    */
               /* the result of `%' is negative if the first operand */
               /* is negative                                        */
-              idx = -( ( -idx ) % count );
+              idx = -( NEG_INT( idx ) % count );
               while ( idx < 0 )
               {
                 FT_Fixed  tmp = args[0];
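Review bot: on the changed line `idx = -( NEG_INT( idx ) % count );`, the comment directly above still justifies the double negation as a way to give `%` a non-negative first operand, but the most negative `idx` has no positive counterpart in the same type, so in that one case the operand passed to `%` cannot be the positive value the comment assumes, and on the pre-C99 compilers the comment mentions the sign of the result is again implementation-defined. The outer unary minus is safe because the remainder is smaller in magnitude than `count`. Suggest extending the comment to say what `idx` becomes for that extreme input and that the `while ( idx < 0 )` loop below still behaves correctly for it, or reducing `idx` into range before negating.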