[cff] Integer overflow.

Reported as

  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2738

* src/cff/cf2hints.c (cf2_glyphpath_computeOffset,
cf2_glyphpath_curveTo): Use ADD_INT32.
Werner Lemberg 2017-07-26 23:32:32 +02:00
parent 38bdf22bfe
commit 933f4cbe79
2 changed files with 17 additions and 4 deletions


@ -1,3 +1,14 @@
2017-07-26 Werner Lemberg <wl@gnu.org>
[cff] Integer overflow.
Reported as
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2738
* src/cff/cf2hints.c (cf2_glyphpath_computeOffset,
cf2_glyphpath_curveTo): Use ADD_INT32.
2017-07-13 Werner Lemberg <wl@gnu.org>
[base] Fix memory leak.


@ -1489,8 +1489,9 @@
return;
/* add momentum for this path element */
glyphpath->callbacks->windingMomentum +=
cf2_getWindingMomentum( x1, y1, x2, y2 );
glyphpath->callbacks->windingMomentum =
ADD_INT32( glyphpath->callbacks->windingMomentum,
cf2_getWindingMomentum( x1, y1, x2, y2 ) );
/* note: allow mixed integer and fixed multiplication here */
if ( dx >= 0 )
@ -1778,8 +1779,9 @@
&yOffset3 );
/* add momentum from the middle segment */
glyphpath->callbacks->windingMomentum +=
cf2_getWindingMomentum( x1, y1, x2, y2 );
glyphpath->callbacks->windingMomentum =
ADD_INT32( glyphpath->callbacks->windingMomentum,
cf2_getWindingMomentum( x1, y1, x2, y2 ) );
/* construct offset points */
P0.x = ADD_INT32( glyphpath->currentCS.x, xOffset1 );
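Review bot: In both rewritten statements (the `windingMomentum` updates in `cf2_glyphpath_computeOffset` and `cf2_glyphpath_curveTo`) only the outer accumulation goes through `ADD_INT32`; the operand `cf2_getWindingMomentum( x1, y1, x2, y2 )` is evaluated first, and its definition is not visible in this section. If it does plain signed subtraction or multiplication on coordinates taken from the font, the same class of fuzzed input can presumably still overflow inside it, so it is worth checking whether it needs the same treatment. Assuming `ADD_INT32` wraps rather than saturates, a malformed glyph can also leave `windingMomentum` with an arbitrary value and sign, so a comment at each site such as `/* wraps on overflow for malformed fonts; the total is then meaningless */` would record that this is accepted. Both functions start and end outside the hunks shown.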