[truetype] Integer overflow issues.

Reported as

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=7718

* src/truetype/ttinterp.c (Ins_MIRP): Use ADD_LONG.
diff --git a/ChangeLog b/ChangeLog
index 0197dcb..3162560 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,13 @@
+2018-04-16 Werner Lemberg <wl@gnu.org>
+
+ [truetype] Integer overflow issues.
+
+ Reported as
+
+ https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=7718
+
+ * src/truetype/ttinterp.c (Ins_MIRP): Use ADD_LONG.
+
2018-04-15 Alexei Podtelezhnikov <apodtele@gmail.com>
[build] Use `info' function of make 3.81.
@@ -46,7 +56,7 @@
2018-04-10 Nikolaus Waxweiler <madigens@gmail.com>
- * CMakeLists.txt, builds/cmake/FindHarfBuzz.cmake: Extensive
+ * CMakeLists.txt, builds/cmake/FindHarfBuzz.cmake: Extensive
modernization measures.
This brings up the minimum required CMake version to 2.8.12.
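Review bot: the removed and added lines `- * CMakeLists.txt, builds/cmake/FindHarfBuzz.cmake: Extensive` and `+ * CMakeLists.txt, builds/cmake/FindHarfBuzz.cmake: Extensive` are textually identical here, so this hunk is a whitespace-only touch-up of an older ChangeLog entry that has nothing to do with the overflow fix; keeping such cleanups in a separate commit makes a security fix easier to audit and to cherry-pick onto release branches.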
@@ -102,7 +112,7 @@
builds/windows/vc2008/freetype.vcproj,
builds/windows/visualce/freetype.vcproj,
builds/windows/visualce/freetype.dsp,
- builds/windows/visualc/freetype.vcproj,
+ builds/windows/visualc/freetype.vcproj,
builds/windows/visualc/freetype.dsp: Remove per-file compile flags.
2018-04-04 Werner Lemberg <wl@gnu.org>
diff --git a/src/truetype/ttinterp.c b/src/truetype/ttinterp.c
index c66c699..336b46b 100644
--- a/src/truetype/ttinterp.c
+++ b/src/truetype/ttinterp.c
@@ -6193,7 +6193,7 @@
minimum_distance = exc->GS.minimum_distance;
control_value_cutin = exc->GS.control_value_cutin;
point = (FT_UShort)args[0];
- cvtEntry = (FT_ULong)( args[1] + 1 );
+ cvtEntry = (FT_ULong)( ADD_LONG( args[1], 1 ) );
#ifdef TT_SUPPORT_SUBPIXEL_HINTING_INFINALITY
if ( SUBPIXEL_HINTING_INFINALITY &&
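Review bot: the fix at `+ cvtEntry = (FT_ULong)( ADD_LONG( args[1], 1 ) );` addresses the signed overflow, since `args[1]` is a signed interpreter stack value under attacker control (the font's bytecode) and the plain `args[1] + 1` in the removed line is undefined behaviour when it equals the maximum long value, which is what the fuzzer hit. Note that the result is still cast to `FT_ULong`, so a negative `args[1]` (for example -1, giving `cvtEntry == 0`, or anything smaller, wrapping to a very large value) is not made safe by this change by itself; the hunk does not show the subsequent bounds check of `cvtEntry` against the CVT size that the interpreter relies on, so please confirm that check directly follows and treats the value as an unsigned index. It would also help to mention in the commit message that the wrap is now well-defined rather than prevented, so a later reader does not assume `ADD_LONG` rejects out-of-range operands.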