[pshinter] Handle numeric overflow. Reported as https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10550 * src/pshinter/pshglob.c (psh_blues_snap_stem): Mask numeric overflow.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41
diff --git a/ChangeLog b/ChangeLog
index 0b8da23..8a308a6 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,14 @@
+2018-10-02 Werner Lemberg <wl@gnu.org>
+
+ [pshinter] Handle numeric overflow.
+
+ Reported as
+
+ https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10550
+
+ * src/pshinter/pshglob.c (psh_blues_snap_stem): Mask numeric
+ overflow.
+
2018-09-27 Alexei Podtelezhnikov <apodtele@gmail.com>
Align FreeType with standard C memory management.
@@ -138,7 +149,7 @@
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10396
* src/pshinter/pshglob.c: Include FT_INTERNAL_CALC_H.
- (psh_blues_snap_stems): Mask numeric overflow.
+ (psh_blues_snap_stem): Mask numeric overflow.
2018-09-13 Werner Lemberg <wl@gnu.org>
diff --git a/src/pshinter/pshglob.c b/src/pshinter/pshglob.c
index 5f5ae2d..8706e2b 100644
--- a/src/pshinter/pshglob.c
+++ b/src/pshinter/pshglob.c
@@ -591,7 +591,7 @@
for ( ; count > 0; count--, zone-- )
{
- delta = zone->org_top - stem_bot;
+ delta = SUB_LONG( zone->org_top, stem_bot );
if ( delta < -blues->blue_fuzz )
break;