From 3fa35aa420ee88856c60d3c0b7fedd43801953cc Mon Sep 17 00:00:00 2001 From: Werner Lemberg Date: Tue, 3 Sep 2019 21:10:20 +0200 Subject: [PATCH] * src/sfnt/sfwoff2.c (compute_ULong_sum): Fix undefined shift. Reported as https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16933 --- ChangeLog | 8 ++++++++ src/sfnt/sfwoff2.c | 8 ++++---- 2 files changed, 12 insertions(+), 4 deletions(-) diff --git a/ChangeLog b/ChangeLog index a6d7cb432..55fc3aedc 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,11 @@ +2019-09-03 Werner Lemberg + + * src/sfnt/sfwoff2.c (compute_ULong_sum): Fix undefined shift. + + Reported as + + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16933 + 2019-09-01 Werner Lemberg * src/sfnt/sfwoff2.c (woff2_open_font): Add sanity check. diff --git a/src/sfnt/sfwoff2.c b/src/sfnt/sfwoff2.c index 6e2ff040f..9beb01f65 100644 --- a/src/sfnt/sfwoff2.c +++ b/src/sfnt/sfwoff2.c @@ -292,10 +292,10 @@ for ( i = 0; i < aligned_size; i += 4 ) - checksum += ( buf[i ] << 24 ) | - ( buf[i + 1] << 16 ) | - ( buf[i + 2] << 8 ) | - ( buf[i + 3] << 0 ); + checksum += ( (FT_ULong)buf[i ] << 24 ) | + ( (FT_ULong)buf[i + 1] << 16 ) | + ( (FT_ULong)buf[i + 2] << 8 ) | + ( (FT_ULong)buf[i + 3] << 0 ); /* If size is not aligned to 4, treat as if it is padded with 0s. */ if ( size != aligned_size )