forked from minhngoc25a/freetype2
[cff] More integer overflows.
Reported as https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2032 * src/cff/cf2blues.c (cf2_blues_init): Use OVERFLOW_SUB_INT32.
This commit is contained in:
parent
03b0cc2ea9
commit
7a4276fb90
10
ChangeLog
10
ChangeLog
|
@ -1,3 +1,13 @@
|
|||
2017-06-02 Werner Lemberg <wl@gnu.org>
|
||||
|
||||
[cff] More integer overflows.
|
||||
|
||||
Reported as
|
||||
|
||||
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2032
|
||||
|
||||
* src/cff/cf2blues.c (cf2_blues_init): Use OVERFLOW_SUB_INT32.
|
||||
|
||||
2017-06-02 Werner Lemberg <wl@gnu.org>
|
||||
|
||||
[bdf] Don't left-shift negative numbers.
|
||||
|
|
|
@ -301,7 +301,8 @@
|
|||
/* top edge */
|
||||
flatFamilyEdge = cf2_blueToFixed( familyOtherBlues[j + 1] );
|
||||
|
||||
diff = cf2_fixedAbs( flatEdge - flatFamilyEdge );
|
||||
diff = cf2_fixedAbs( OVERFLOW_SUB_INT32( flatEdge,
|
||||
flatFamilyEdge ) );
|
||||
|
||||
if ( diff < minDiff && diff < csUnitsPerPixel )
|
||||
{
|
||||
|
@ -319,7 +320,8 @@
|
|||
/* top edge */
|
||||
flatFamilyEdge = cf2_blueToFixed( familyBlues[1] );
|
||||
|
||||
diff = cf2_fixedAbs( flatEdge - flatFamilyEdge );
|
||||
diff = cf2_fixedAbs( OVERFLOW_SUB_INT32( flatEdge,
|
||||
flatFamilyEdge ) );
|
||||
|
||||
if ( diff < minDiff && diff < csUnitsPerPixel )
|
||||
blues->zone[i].csFlatEdge = flatFamilyEdge;
|
||||
|
@ -342,7 +344,8 @@
|
|||
/* adjust edges of top zone upward by twice darkening amount */
|
||||
flatFamilyEdge += 2 * font->darkenY; /* bottom edge */
|
||||
|
||||
diff = cf2_fixedAbs( flatEdge - flatFamilyEdge );
|
||||
diff = cf2_fixedAbs( OVERFLOW_SUB_INT32( flatEdge,
|
||||
flatFamilyEdge ) );
|
||||
|
||||
if ( diff < minDiff && diff < csUnitsPerPixel )
|
||||
{
|
||||
|
|
Loading…
Reference in New Issue