From c5a225413ffd6f3e032cede5a14d64a2c2c047a2 Mon Sep 17 00:00:00 2001
From: Werner Lemberg
Date: Sat, 3 Jun 2017 06:13:10 +0200
Subject: [PATCH] ftcalc.h: Avoid left-shift of negative numbers.

Reported as

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2055

* include/freetype/internal/ftcalc.h (INT_TO_F26DOT6,
INT_TO_F2DOT14, INT_TO_FIXED, F2DOT14_TO_FIXED): Use multiplication.
---
 ChangeLog | 11 +++++++++++
 include/freetype/internal/ftcalc.h | 8 ++++----
 2 files changed, 15 insertions(+), 4 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 77446ec4a..5976f0ea0 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,14 @@
+2017-06-03 Werner Lemberg
+
+ ftcalc.h: Avoid left-shift of negative numbers.
+
+ Reported as
+
+ https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2055
+
+ * include/freetype/internal/ftcalc.h (INT_TO_F26DOT6,
+ INT_TO_F2DOT14, INT_TO_FIXED, F2DOT14_TO_FIXED): Use multiplication.
+
 2017-06-02 Werner Lemberg
 
 [cff] Even more integer overflows.
diff --git a/include/freetype/internal/ftcalc.h b/include/freetype/internal/ftcalc.h
index 2b040feea..5902e190e 100644
--- a/include/freetype/internal/ftcalc.h
+++ b/include/freetype/internal/ftcalc.h
@@ -399,10 +399,10 @@ FT_BEGIN_HEADER
 #endif /* 0 */
 
 
-#define INT_TO_F26DOT6( x ) ( (FT_Long)(x) << 6 )
-#define INT_TO_F2DOT14( x ) ( (FT_Long)(x) << 14 )
-#define INT_TO_FIXED( x ) ( (FT_Long)(x) << 16 )
-#define F2DOT14_TO_FIXED( x ) ( (FT_Long)(x) << 2 )
+#define INT_TO_F26DOT6( x ) ( (FT_Long)(x) * 64 ) /* << 6 */
+#define INT_TO_F2DOT14( x ) ( (FT_Long)(x) * 16384 ) /* << 14 */
+#define INT_TO_FIXED( x ) ( (FT_Long)(x) * 65536 ) /* << 16 */
+#define F2DOT14_TO_FIXED( x ) ( (FT_Long)(x) * 4 ) /* << 2 */
 
 #define FIXED_TO_INT( x ) ( FT_RoundFix( x ) >> 16 )
 #define ROUND_F26DOT6( x ) ( x >= 0 ? ( ( (x) + 32 ) & -64 ) \
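Review bot: The four rewritten macros still compute in signed `FT_Long`, so an operand whose product does not fit is signed overflow, which is undefined just as the negative shift was; for `INT_TO_FIXED` that is anything outside about ±32767 where `FT_Long` is 32 bits wide. Whether every caller bounds `x` before conversion is not visible from this hunk, and since the report came from fuzzed font data the range is worth stating at the definition, e.g. `/* x must fit in 16 signed bits; larger values overflow FT_Long */`. If out-of-range input has to be tolerated, scaling in unsigned and converting back avoids the undefined behaviour (the conversion is implementation-defined instead): `#define INT_TO_FIXED( x ) ( (FT_Long)( (FT_ULong)(x) << 16 ) )`. The trailing `/* << 16 */` comments would also help the next reader more if they said why multiplication replaces the shift, so nobody "optimizes" it back.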