rgraves
/
freetype2
forked from minhngoc25a/freetype2
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

[psaux] Fix numeric overflow. 

Reported as

  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10768

* src/psaux/cffdecode.c (cff_decoder_parse_charstrings) <cff_op_roll>
[CFF_CONFIG_OPTION_OLD_ENGINE]: Use NEG_INT.
This commit is contained in:
Werner Lemberg 2018-10-02 16:48:59 +02:00
parent 83fc524dfc
commit 6b660f1215
2 changed files with 12 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
ChangeLog
View File

@ -1,3 +1,14 @@
2018-10-02 Werner Lemberg <wl@gnu.org>
[psaux] Fix numeric overflow.
Reported as
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10768
* src/psaux/cffdecode.c (cff_decoder_parse_charstrings) <cff_op_roll>
[CFF_CONFIG_OPTION_OLD_ENGINE]: Use NEG_INT.
2018-10-02 Werner Lemberg <wl@gnu.org>
[pshinter] Handle numeric overflow.

2
src/psaux/cffdecode.c
View File

@ -1839,7 +1839,7 @@
/* before C99 it is implementation-defined whether */
/* the result of `%' is negative if the first operand */
/* is negative */
idx = -( ( -idx ) % count );
idx = -( NEG_INT( idx ) % count );
while ( idx < 0 )
{
FT_Fixed tmp = args[0];