[cff] More integer overflows.

Reported as

  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2032

* src/cff/cf2blues.c (cf2_blues_init): Use OVERFLOW_SUB_INT32.
Werner Lemberg 2017-06-02 09:21:37 +02:00
parent 03b0cc2ea9
commit 7a4276fb90
2 changed files with 16 additions and 3 deletions


@ -1,3 +1,13 @@
2017-06-02 Werner Lemberg <wl@gnu.org>
[cff] More integer overflows.
Reported as
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2032
* src/cff/cf2blues.c (cf2_blues_init): Use OVERFLOW_SUB_INT32.
2017-06-02 Werner Lemberg <wl@gnu.org>
[bdf] Don't left-shift negative numbers.


@ -301,7 +301,8 @@
/* top edge */
flatFamilyEdge = cf2_blueToFixed( familyOtherBlues[j + 1] );
diff = cf2_fixedAbs( flatEdge - flatFamilyEdge );
diff = cf2_fixedAbs( OVERFLOW_SUB_INT32( flatEdge,
flatFamilyEdge ) );
if ( diff < minDiff && diff < csUnitsPerPixel )
{
@ -319,7 +320,8 @@
/* top edge */
flatFamilyEdge = cf2_blueToFixed( familyBlues[1] );
diff = cf2_fixedAbs( flatEdge - flatFamilyEdge );
diff = cf2_fixedAbs( OVERFLOW_SUB_INT32( flatEdge,
flatFamilyEdge ) );
if ( diff < minDiff && diff < csUnitsPerPixel )
blues->zone[i].csFlatEdge = flatFamilyEdge;
@ -342,7 +344,8 @@
/* adjust edges of top zone upward by twice darkening amount */
flatFamilyEdge += 2 * font->darkenY; /* bottom edge */
diff = cf2_fixedAbs( flatEdge - flatFamilyEdge );
diff = cf2_fixedAbs( OVERFLOW_SUB_INT32( flatEdge,
flatFamilyEdge ) );
if ( diff < minDiff && diff < csUnitsPerPixel )
{
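Review bot: OVERFLOW_SUB_INT32 makes the subtraction well-defined, but in all three hunks the wrapped result still goes straight into `cf2_fixedAbs` and the `diff < minDiff && diff < csUnitsPerPixel` test, so two edges that are really very far apart can wrap to a small `diff` and be accepted as the closest family zone. If `cf2_fixedAbs` negates with a plain `-` (its definition is not visible here), a wrapped value equal to the minimum 32-bit integer would overflow again inside it. In the third hunk the context line `flatFamilyEdge += 2 * font->darkenY;` is still ordinary signed arithmetic and looks like it needs the same treatment if `darkenY` can be driven by font data. At minimum I would add a comment above each call such as `/* difference wraps on overflow; only meaningful for in-range edges */`. The enclosing function `cf2_blues_init` starts and ends outside these hunks.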