* include/freetype/internal/ftcalc.h: Add macros for handling

harmless over-/underflowing `FT_Int' values. * src/sfnt/sfdriver.c (fixed2float): Fix negation of `(int)(-2147483648)'. Reported as https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9423
2018-07-16 18:45:23 +02:00 · 2018-07-16 18:45:23 +02:00 · fda356b742
parent 839cb404cf
commit fda356b742
3 changed files with 22 additions and 1 deletions
--- a/12
+++ b/12
@ -1,3 +1,15 @@
+2018-07-16  Armin Hasitzka  <prince.cherusker@gmail.com>
+
+	* include/freetype/internal/ftcalc.h: Add macros for handling
+	harmless over-/underflowing `FT_Int' values.
+
+	* src/sfnt/sfdriver.c (fixed2float): Fix negation of
+	`(int)(-2147483648)'.
+
+	Reported as
+
+	  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9423
+
 2018-07-16  Werner Lemberg  <wl@gnu.org>

 	* src/truetype/ttgxvar.c (tt_set_mm_blend): Fix off-by-one error.
--- a/include/freetype/internal/ftcalc.h
+++ b/include/freetype/internal/ftcalc.h
@ -462,6 +462,15 @@ FT_BEGIN_HEADER
   *
   * Use with care!
   */
+#define ADD_INT( a, b )                           \
+          (FT_Int)( (FT_UInt)(a) + (FT_UInt)(b) )
+#define SUB_INT( a, b )                           \
+          (FT_Int)( (FT_UInt)(a) - (FT_UInt)(b) )
+#define MUL_INT( a, b )                           \
+          (FT_Int)( (FT_UInt)(a) * (FT_UInt)(b) )
+#define NEG_INT( a )                              \
+          (FT_Int)( (FT_UInt)0 - (FT_UInt)(a) )
+
 #define ADD_LONG( a, b )                             \
          (FT_Long)( (FT_ULong)(a) + (FT_ULong)(b) )
 #define SUB_LONG( a, b )                             \
--- a/src/sfnt/sfdriver.c
+++ b/src/sfnt/sfdriver.c
@ -677,7 +677,7 @@
    if ( fixed < 0 )
    {
      *p++ = '-';
-      fixed = -fixed;
+      fixed = NEG_INT( fixed );
    }

    int_part  = ( fixed >> 16 ) & 0xFFFF;