rgraves
/
freetype2
forked from minhngoc25a/freetype2
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

[truetype] Fix integer overflow. 

Reported as

  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35312

* src/truetype/ttinterp.c (Ins_JMPR): Use `ADD_LONG`.
This commit is contained in:
Werner Lemberg 2021-06-19 07:03:40 +02:00
parent 232243e749
commit b460a50610
2 changed files with 11 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
ChangeLog
View File

@ -1,3 +1,13 @@
2021-06-19 Werner Lemberg <david@freetype.org>
[truetype] Fix integer overflow.
Reported as
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35312
* src/truetype/ttinterp.c (Ins_JMPR): Use `ADD_LONG`.
2021-06-19 Werner Lemberg <david@freetype.org>
[autofit] Prevent hinting if there are too many segments.

2
src/truetype/ttinterp.c
View File

@ -3593,7 +3593,7 @@
return;
}
exc->IP += args[0];
exc->IP = ADD_LONG( exc->IP, args[0] );
if ( exc->IP < 0 ||
( exc->callTop > 0 &&
exc->IP > exc->callStack[exc->callTop - 1].Def->end ) )