From c3083e459584d0e8481fa2401232c8a3145fae4b Mon Sep 17 00:00:00 2001
From: Werner Lemberg
Date: Thu, 5 Oct 2017 14:32:24 +0200
Subject: [PATCH] * src/base/ftobjs.c (ft_glyphslot_preset_bitmap): Fix integer overflow. Reported as https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3539
---
 ChangeLog | 9 +++++++++
 src/base/ftobjs.c | 4 ++--
 2 files changed, 11 insertions(+), 2 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 1890cbfc5..f131f2f8b 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,12 @@
+2017-10-05 Werner Lemberg
+
+ * src/base/ftobjs.c (ft_glyphslot_preset_bitmap): Fix integer
+ overflow.
+
+ Reported as
+
+ https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3539
+
 2017-10-05 Werner Lemberg Fix compiler warnings.
diff --git a/src/base/ftobjs.c b/src/base/ftobjs.c
index 79e751120..2258a3175 100644
--- a/src/base/ftobjs.c
+++ b/src/base/ftobjs.c
@@ -419,8 +419,8 @@
 cbox.yMax = FT_PIX_CEIL( cbox.yMax );
 }
- x_shift -= cbox.xMin;
- y_shift -= cbox.yMin;
+ x_shift = SUB_LONG( x_shift, cbox.xMin );
+ y_shift = SUB_LONG( y_shift, cbox.yMin );
 x_left = cbox.xMin >> 6;
 y_top = cbox.yMax >> 6;
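Review bot: The two `SUB_LONG` lines remove the signed-overflow undefined behaviour, but if the macro wraps modulo the word size (its definition is not visible on this page), a wrapped `x_shift`/`y_shift` is still an arithmetically wrong value that flows on into the bitmap placement. Since the cbox is derived from outline data that can come from an untrusted font file, an explicit range check before the subtraction would make the intent checkable; failing that, add a comment saying where the oversized case is rejected, e.g. `/* SUB_LONG only avoids UB; out-of-range results are rejected by the size check below */`, if such a check exists. The rounding on the context line `cbox.yMax = FT_PIX_CEIL( cbox.yMax );` looks like it can overflow in the same way for values near the maximum and may deserve the same treatment. The body of ft_glyphslot_preset_bitmap starts and ends outside the hunk, so any later validation cannot be confirmed from here.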