[psaux] Fix numeric overflow.

Triggered by

  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=11157

* src/psaux/cffdecode.c (cff_decoder_parse_charstrings) <cff_op_blend>
[CFF_CONFIG_OPTION_OLD_ENGINE]: Fix integer overflow.
Werner Lemberg 2018-10-27 00:07:53 +02:00
parent f56830ed40
commit bfe5329475
2 changed files with 13 additions and 1 deletions


@ -1,3 +1,14 @@
2018-10-27 Werner Lemberg <wl@gnu.org>
[psaux] Fix numeric overflow.
Triggered by
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=11157
* src/psaux/cffdecode.c (cff_decoder_parse_charstrings) <cff_op_blend>
[CFF_CONFIG_OPTION_OLD_ENGINE]: Fix integer overflow.
2018-10-20 Werner Lemberg <wl@gnu.org>
Avoid endless loop while tracing (#54858).


@ -1950,7 +1950,8 @@
if ( num_results < 0 )
goto Syntax_Error;
if ( num_results * (FT_Int)num_designs > num_args )
if ( num_results > num_args ||
num_results * (FT_Int)num_designs > num_args )
goto Stack_Underflow;
/* since we currently don't handle interpolation of multiple */
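
Review bot: the added `num_results > num_args` test in the `cff_op_blend` condition carries no comment saying it is there to bound `num_results` before the multiplication, so it reads as redundant with the product comparison and could be removed in a later cleanup; a short comment above the `if` would prevent that. Once the first test passes, `num_results * (FT_Int)num_designs` is still evaluated in `FT_Int`, so the fix depends on `num_args` and `num_designs` being small enough that the product cannot wrap, and neither bound is visible in this hunk. Stating those bounds in the comment, or comparing `num_results > num_args / (FT_Int)num_designs` where `num_designs` is known to be positive, would make the check safe on its face.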