[cff] Fix handling of `roll' op in old engine.
Reported as https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10080 * src/psaux/cffdecode.c (cff_decoder_parse_charstrings) <cff_op_roll> [CFF_CONFIG_OPTION_OLD_ENGINE]: Use modulo for loop count, as documented in the specification.
This commit is contained in:
parent
2c8e6279a7
commit
3915a18b8c
12
ChangeLog
12
ChangeLog
|
@ -1,3 +1,15 @@
|
||||||
|
2018-08-29 Werner Lemberg <wl@gnu.org>
|
||||||
|
|
||||||
|
[cff] Fix handling of `roll' op in old engine.
|
||||||
|
|
||||||
|
Reported as
|
||||||
|
|
||||||
|
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10080
|
||||||
|
|
||||||
|
* src/psaux/cffdecode.c (cff_decoder_parse_charstrings) <cff_op_roll>
|
||||||
|
[CFF_CONFIG_OPTION_OLD_ENGINE]: Use modulo for loop count, as
|
||||||
|
documented in the specification.
|
||||||
|
|
||||||
2018-08-26 Werner Lemberg <wl@gnu.org>
|
2018-08-26 Werner Lemberg <wl@gnu.org>
|
||||||
|
|
||||||
* src/truetype/ttobjs.c (tt_size_read_bytecode): Trace CVT values.
|
* src/truetype/ttobjs.c (tt_size_read_bytecode): Trace CVT values.
|
||||||
|
|
|
@ -1821,6 +1821,7 @@
|
||||||
|
|
||||||
if ( idx >= 0 )
|
if ( idx >= 0 )
|
||||||
{
|
{
|
||||||
|
idx = idx % count;
|
||||||
while ( idx > 0 )
|
while ( idx > 0 )
|
||||||
{
|
{
|
||||||
FT_Fixed tmp = args[count - 1];
|
FT_Fixed tmp = args[count - 1];
|
||||||
|
@ -1835,6 +1836,10 @@
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
|
/* before C99 it is implementation-defined whether */
|
||||||
|
/* the result of `%' is negative if the first operand */
|
||||||
|
/* is negative */
|
||||||
|
idx = -( ( -idx ) % count );
|
||||||
while ( idx < 0 )
|
while ( idx < 0 )
|
||||||
{
|
{
|
||||||
FT_Fixed tmp = args[0];
|
FT_Fixed tmp = args[0];
|
||||||
|
|
|
@ -258,6 +258,9 @@
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/* before C99 it is implementation-defined whether */
|
||||||
|
/* the result of `%' is negative if the first operand */
|
||||||
|
/* is negative */
|
||||||
if ( shift < 0 )
|
if ( shift < 0 )
|
||||||
shift = -( ( -shift ) % count );
|
shift = -( ( -shift ) % count );
|
||||||
else
|
else
|
||||||
|
|
Loading…
Reference in New Issue