* src/truetype/ttgload.c (TT_Process_Simple_Glyph): Integer overflow. Reported as https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=46792
diff --git a/src/truetype/ttgload.c b/src/truetype/ttgload.c
index 0ecde22..2ca63d6 100644
--- a/src/truetype/ttgload.c
+++ b/src/truetype/ttgload.c
@@ -1104,8 +1104,8 @@
for ( ; vec < limit; vec++, u++ )
{
- vec->x = ( FT_MulFix( u->x, x_scale ) + 32 ) >> 6;
- vec->y = ( FT_MulFix( u->y, y_scale ) + 32 ) >> 6;
+ vec->x = ADD_LONG( FT_MulFix( u->x, x_scale ), 32 ) >> 6;
+ vec->y = ADD_LONG( FT_MulFix( u->y, y_scale ), 32 ) >> 6;
}
}
else
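Review bot: The two `ADD_LONG` lines remove the signed-overflow undefined behaviour, but they do not bound the result. If `ADD_LONG` is the usual wrap-around helper (add as unsigned, cast back to `FT_Long`), a scaled value within 32 of the `FT_Long` maximum now wraps to a large negative coordinate and is stored in `vec` as if it were valid. That is probably acceptable for a malformed font, but a comment above the loop would make the intent explicit, e.g. `/* ADD_LONG wraps on overflow; such values only occur in broken fonts */`, so the macro is not mistaken for a saturating add. The hunk ends at `else` and the enclosing function starts and ends outside it, so it is not visible here whether the other branch or later consumers of these coordinates do similar unchecked arithmetic.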