Commit 934a6159ba940fe15f02a84deeccdb789823242e
2018-08-29T15:28:21
Fix numeric overflows. * src/pshint/pshalgo.c (psh_hint_align, psh_hint_align_light, psh_hint_table_find_strong_points): Fix numeric overflows. Reported as https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10083
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52
diff --git a/ChangeLog b/ChangeLog
index 60da292..f38b201 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,14 @@
+2018-08-29 Armin Hasitzka <prince.cherusker@gmail.com>
+
+ Fix numeric overflows.
+
+ * src/pshint/pshalgo.c (psh_hint_align, psh_hint_align_light,
+ psh_hint_table_find_strong_points): Fix numeric overflows.
+
+ Reported as
+
+ https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10083
+
2018-08-29 Werner Lemberg <wl@gnu.org>
[cff] Fix handling of `roll' op in old engine.
diff --git a/src/pshinter/pshalgo.c b/src/pshinter/pshalgo.c
index 1a36548..fcdaf6e 100644
--- a/src/pshinter/pshalgo.c
+++ b/src/pshinter/pshalgo.c
@@ -479,7 +479,7 @@
if ( dimension == 1 )
psh_blues_snap_stem( &globals->blues,
- hint->org_pos + hint->org_len,
+ ADD_INT( hint->org_pos, hint->org_len ),
hint->org_pos,
&align );
@@ -703,7 +703,7 @@
if ( dimension == 1 )
psh_blues_snap_stem( &globals->blues,
- hint->org_pos + hint->org_len,
+ ADD_INT( hint->org_pos, hint->org_len ),
hint->org_pos,
&align );
@@ -1538,8 +1538,8 @@
PSH_Hint hint = sort[nn];
- if ( org_u >= hint->org_pos &&
- org_u <= hint->org_pos + hint->org_len )
+ if ( org_u >= hint->org_pos &&
+ org_u <= ADD_INT( hint->org_pos, hint->org_len ) )
{
point->hint = hint;
break;