
ref: c3083e459584d0e8481fa2401232c8a3145fae4b
parent: 2e58808d4850f2a2d4d126974bc7d6f83499ce90
author: Werner Lemberg <[email protected]>
date: Thu Oct 5 10:32:24 EDT 2017

* src/base/ftobjs.c (ft_glyphslot_preset_bitmap): Fix integer
overflow.

Reported as

  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3539

--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,14 @@
 2017-10-05  Werner Lemberg  <[email protected]>
 
+	* src/base/ftobjs.c (ft_glyphslot_preset_bitmap): Fix integer
+	overflow.
+
+	Reported as
+
+	  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3539
+
+2017-10-05  Werner Lemberg  <[email protected]>
+
 	Fix compiler warnings.
 
 	* src/cff/cffdrivr.c (cff_ps_get_font_extra): Avoid code that relies
--- a/src/base/ftobjs.c
+++ b/src/base/ftobjs.c
@@ -419,8 +419,8 @@
       cbox.yMax = FT_PIX_CEIL( cbox.yMax );
     }
 
-    x_shift -= cbox.xMin;
-    y_shift -= cbox.yMin;
+    x_shift = SUB_LONG( x_shift, cbox.xMin );
+    y_shift = SUB_LONG( y_shift, cbox.yMin );
 
     x_left = cbox.xMin >> 6;
     y_top  = cbox.yMax >> 6;
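Review bot: The two `SUB_LONG()` assignments remove the signed-overflow undefined behaviour, but an out-of-range difference presumably now wraps silently, assuming `SUB_LONG` is FreeType's usual macro that subtracts through `unsigned long`. The wrapped `x_shift` / `y_shift` would then still be consumed by the code after the hunk. `cbox` is derived from the glyph outline, so with a malformed font these inputs are not trustworthy. It is worth confirming that the code after this hunk bounds the resulting shifts and bitmap dimensions, or rejects the glyph when `cbox` is outside a sane pixel range. At minimum, document the intent at the new lines, e.g. `/* SUB_LONG wraps instead of overflowing; result is only meaningful for sane cbox values */`. The body of `ft_glyphslot_preset_bitmap` starts and ends outside the hunk, so the downstream use cannot be checked from here.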