shithub: freetype+ttf2subf

Info  •  Files  •  Log  •  Branches

[pshinter] Handle numeric overflow.

Reported as

  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10550

* src/pshinter/pshglob.c (psh_blues_snap_stem): Mask numeric
overflow.

git/fs: mount .git/fs: mount/attach disallowed

--- a/ChangeLog

+++ b/ChangeLog

@@ -1,3 +1,14 @@

+2018-10-02  Werner Lemberg  <[email protected]>

+

+	[pshinter] Handle numeric overflow.

+

+	Reported as

+

+	  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10550

+

+	* src/pshinter/pshglob.c (psh_blues_snap_stem): Mask numeric

+	overflow.

+

 2018-09-27  Alexei Podtelezhnikov  <[email protected]>

 	Align FreeType with standard C memory management.

@@ -138,7 +149,7 @@

 	  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10396

 	* src/pshinter/pshglob.c: Include FT_INTERNAL_CALC_H.

-	(psh_blues_snap_stems): Mask numeric overflow.

+	(psh_blues_snap_stem): Mask numeric overflow.

 2018-09-13  Werner Lemberg  <[email protected]>

--- a/src/pshinter/pshglob.c

+++ b/src/pshinter/pshglob.c

@@ -591,7 +591,7 @@

     for ( ; count > 0; count--, zone-- )

     {

-      delta = zone->org_top - stem_bot;

+      delta = SUB_LONG( zone->org_top, stem_bot );

       if ( delta < -blues->blue_fuzz )

         break;