Commit 5e3a38b194f3a68e9a5a03a1bd0c6bb2eb3dec1f

Armin Hasitzka 2019-02-21T10:04:28

[psaux] Mask numeric overflow. * src/psaux/cffdecode.c (cff_decoder_parse_charstrings): Mask numeric overflow. Reported as https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=13041

diff --git a/ChangeLog b/ChangeLog
index f43a7ef..cb17e77 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,14 @@
+2019-02-21  Armin Hasitzka  <prince.cherusker@gmail.com>
+
+	[psaux] Mask numeric overflow.
+
+	* src/psaux/cffdecode.c (cff_decoder_parse_charstrings): Mask numeric
+	overflow.
+
+	Reported as
+
+	  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=13041
+
 2019-02-16  Wink Saville  <wink@saville.com>
 
 	* src/autofit/afwarp.h (af_warper_compute): Fix declaration.
diff --git a/src/psaux/cffdecode.c b/src/psaux/cffdecode.c
index 6cc1d32..b11b75f 100644
--- a/src/psaux/cffdecode.c
+++ b/src/psaux/cffdecode.c
@@ -1556,9 +1556,9 @@
             }
 
             if ( dx < 0 )
-              dx = -dx;
+              dx = NEG_LONG( dx );
             if ( dy < 0 )
-              dy = -dy;
+              dy = NEG_LONG( dy );
 
             /* strange test, but here it is... */
             horizontal = ( dx > dy );
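Review bot: After `dx = NEG_LONG( dx );` and `dy = NEG_LONG( dy );` the two values are still not guaranteed to be non-negative. If NEG_LONG is the usual unsigned-wraparound negation (its definition is outside this hunk), an input of LONG_MIN maps back to LONG_MIN, so the undefined behaviour is removed but `horizontal = ( dx > dy )` can still compare a negative "magnitude". The values presumably come from charstring operands in the font file, so the case is reachable from untrusted input, as the fuzzer report suggests. I would either state the accepted outcome in a comment such as `/* NEG_LONG wraps: LONG_MIN stays negative, the direction chosen is then arbitrary */`, or saturate instead, e.g. `dx = ( dx == FT_LONG_MIN ) ? FT_LONG_MAX : -dx;` and likewise for dy. The enclosing cff_decoder_parse_charstrings body starts and ends outside the hunk, so confirm that nothing later relies on dx and dy being non-negative.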