kc3-lang/freetype

Browse

Commit 0636dc8af1e502c343b126b50f3a0dbec8f3fc26

Werner Lemberg 2021-02-03T19:16:02

[psaux] Fix integer overflow. Reported as https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=30154 * src/psaux/psblues.c (cf2_blues_capture): Use `SUB_INT32`. 

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32

diff --git a/ChangeLog b/ChangeLog
index f1a2106..4f4af4e 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,13 @@
+2021-02-03  Werner Lemberg  <wl@gnu.org>
+
+	[psaux] Fix integer overflow.
+
+	Reported as
+
+	  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=30154
+
+	* src/psaux/psblues.c (cf2_blues_capture): Use `SUB_INT32`.
+
 2021-02-02  Alexei Podtelezhnikov  <apodtele@gmail.com>
 
 	* builds/unix/configure.raw [mmap support]: Explicitly handle Windows.
diff --git a/src/psaux/psblues.c b/src/psaux/psblues.c
index 3878e9b..7bfd419 100644
--- a/src/psaux/psblues.c
+++ b/src/psaux/psblues.c
@@ -506,7 +506,8 @@
             /* guarantee minimum of 1 pixel overshoot */
             dsNew = FT_MIN(
                       cf2_fixedRound( bottomHintEdge->dsCoord ),
-                      blues->zone[i].dsFlatEdge - cf2_intToFixed( 1 ) );
+                      SUB_INT32 ( blues->zone[i].dsFlatEdge,
+                                  cf2_intToFixed( 1 ) ) );
           }
 
           else
kmx.io     mail     discord kmxgit v0.4.0