kc3-lang/freetype

Browse

Commit 6d04bd991bf4ab1c77f0cffe2f317920d00b6c46

Werner Lemberg 2017-09-21T21:22:51

[truetype] Integer overflow (#52082). * src/truetype/ttinterp.c (Ins_MDRP): Avoid FT_ABS. 

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32

diff --git a/ChangeLog b/ChangeLog
index f789721..69e6275 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,11 @@
 2017-09-21  Werner Lemberg  <wl@gnu.org>
 
+	[truetype] Integer overflow (#52082).
+
+	* src/truetype/ttinterp.c (Ins_MDRP): Avoid FT_ABS.
+
+2017-09-21  Werner Lemberg  <wl@gnu.org>
+
 	[sfnt] Fix postscript name for default instance of variation fonts.
 
 	Problem reported by Behdad.
diff --git a/src/truetype/ttinterp.c b/src/truetype/ttinterp.c
index c3d7103..e3c8f12 100644
--- a/src/truetype/ttinterp.c
+++ b/src/truetype/ttinterp.c
@@ -6078,8 +6078,9 @@
 
     /* single width cut-in test */
 
-    if ( FT_ABS( org_dist - exc->GS.single_width_value ) <
-         exc->GS.single_width_cutin )
+    /* |org_dist - single_width_value| < single_width_cutin */
+    if ( org_dist < exc->GS.single_width_value + exc->GS.single_width_cutin ||
+         org_dist > exc->GS.single_width_value - exc->GS.single_width_cutin )
     {
       if ( org_dist >= 0 )
         org_dist = exc->GS.single_width_value;
kmx.io     mail     discord kmxgit v0.4.0