shithub: freetype+ttf2subf

Download patch

ref: c13635ee4bf34e621816cd09d7f2baf918e20af8
parent: ba62f9d8f5f85c6dda93b481271de37fb1f09e77
author: Werner Lemberg <[email protected]>
date: Mon Oct 29 17:25:10 EDT 2018 

[base] Fix numeric overflow.

Reported as

  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=11080

* src/base/ftoutln.c (FT_Outline_Get_Orientation): Use `MUL_LONG'.

git/fs: mount .git/fs: mount/attach disallowed 
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,15 @@
 2018-10-29  Werner Lemberg  <[email protected]>
 
+	[base] Fix numeric overflow.
+
+	Reported as
+
+	  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=11080
+
+	* src/base/ftoutln.c (FT_Outline_Get_Orientation): Use `MUL_LONG'.
+
+2018-10-29  Werner Lemberg  <[email protected]>
+
 	[cff] Fix numeric overflow.
 
 	Reported as
--- a/src/base/ftoutln.c
+++ b/src/base/ftoutln.c
@@ -1076,7 +1076,8 @@
         v_cur.y = points[n].y >> yshift;
 
         area = ADD_LONG( area,
-                         ( v_cur.y - v_prev.y ) * ( v_cur.x + v_prev.x ) );
+                         MUL_LONG( v_cur.y - v_prev.y,
+                                   v_cur.x + v_prev.x ) );
 
         v_prev = v_cur;
       }