diff --git a/ChangeLog b/ChangeLog
index 2549d0f9a..dac2e7dc6 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,16 @@
+2017-09-30 Alexei Podtelezhnikov
+
+ Signedness fixes in bitmap presetting.
+
+ Reported as
+
+ https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3514.
+
+ * src/raster/ftrend1.c (ft_raster1_render): Exlicitly signed height.
+ * src/smooth/ftsmooth.c (ft_smooth_render_generic): Ditto.
+ * src/base/ftobjs.c (ft_glyphslot_preset_bitmap): Explicitly unsigned
+ subtraction.
+
 2017-09-29 Alexei Podtelezhnikov
 Bitmap metrics presetting [2/2].
diff --git a/src/base/ftobjs.c b/src/base/ftobjs.c
index 030c0336a..5722c55ba 100644
--- a/src/base/ftobjs.c
+++ b/src/base/ftobjs.c
@@ -425,8 +425,8 @@
 x_left = cbox.xMin >> 6;
 y_top = cbox.yMax >> 6;
- width = (FT_ULong)( cbox.xMax - cbox.xMin ) >> 6;
- height = (FT_ULong)( cbox.yMax - cbox.yMin ) >> 6;
+ width = ( (FT_ULong)cbox.xMax - (FT_ULong)cbox.xMin ) >> 6;
+ height = ( (FT_ULong)cbox.yMax - (FT_ULong)cbox.yMin ) >> 6;
 switch ( pixel_mode )
 {
diff --git a/src/raster/ftrend1.c b/src/raster/ftrend1.c
index bbce7bb2a..ede49167e 100644
--- a/src/raster/ftrend1.c
+++ b/src/raster/ftrend1.c
@@ -137,7 +137,7 @@
 slot->internal->flags |= FT_GLYPH_OWN_BITMAP;
 x_shift = -slot->bitmap_left * 64;
- y_shift = ( bitmap->rows - slot->bitmap_top ) * 64;
+ y_shift = ( (FT_Int)bitmap->rows - slot->bitmap_top ) * 64;
 if ( origin )
 {
diff --git a/src/smooth/ftsmooth.c b/src/smooth/ftsmooth.c
index 7946f28bb..db3a1c31d 100644
--- a/src/smooth/ftsmooth.c
+++ b/src/smooth/ftsmooth.c
@@ -141,9 +141,9 @@
 x_shift = 64 * -slot->bitmap_left;
 y_shift = 64 * -slot->bitmap_top;
 if ( bitmap->pixel_mode == FT_PIXEL_MODE_LCD_V )
- y_shift += 64 * bitmap->rows / 3;
+ y_shift += 64 * (FT_Int)bitmap->rows / 3;
 else
- y_shift += 64 * bitmap->rows;
+ y_shift += 64 * (FT_Int)bitmap->rows;
 if ( origin )
 {
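Review bot: On the new `width`/`height` lines in src/base/ftobjs.c, an inverted box (`cbox.xMax < cbox.xMin`, or the same for y) is not rejected; with the operands cast to `FT_ULong` the difference wraps to a value near the top of the unsigned range, and `>> 6` still leaves it very large. The ChangeLog ties this change to a fuzzer report, so the cbox is presumably reachable from font data. The hunk does not show whether the rest of `ft_glyphslot_preset_bitmap` range-checks `width` and `height` before they size the bitmap. If no such check exists, an ordering test `cbox.xMax < cbox.xMin || cbox.yMax < cbox.yMin` ahead of the subtraction would keep the wrapped value out of the dimensions. A comment on the casts would also help, e.g. `/* subtract as unsigned: the signed difference may overflow */`.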
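Review bot: In src/raster/ftrend1.c the `* 64` after `( (FT_Int)bitmap->rows - slot->bitmap_top )` is still a signed multiplication and can overflow (undefined behaviour) once the difference exceeds about `INT_MAX / 64`; the `(FT_Int)` cast only stops the subtraction from being promoted to unsigned. The conversion is also implementation-defined when `rows` is above `INT_MAX`. Whether `bitmap->rows` and `slot->bitmap_top` are bounded earlier in `ft_raster1_render` is outside this hunk. If they are, state the bound next to the expression, e.g. `/* rows and bitmap_top are limited by the preset step, so the shift cannot overflow */`; if not, check the range before computing the shift. The same applies to `64 * (FT_Int)bitmap->rows` and `64 * (FT_Int)bitmap->rows / 3` in the src/smooth/ftsmooth.c hunk.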