Commit 9adc3b35f1a6909c1785c42ae7b8cf369634b225

Werner Lemberg 2019-08-26T20:36:19

* src/psaux/cffdecode.c (cff_operator_seac): Fix numeric overflow. Reported as https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16470

diff --git a/ChangeLog b/ChangeLog
index fdd4e2b..b6c3b32 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,13 @@
 2019-08-26  Werner Lemberg  <wl@gnu.org>
 
+	* src/psaux/cffdecode.c (cff_operator_seac): Fix numeric overflow.
+
+	Reported as
+
+	  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16470
+
+2019-08-26  Werner Lemberg  <wl@gnu.org>
+
 	[type1] Fix `FT_Get_Var_Axis_Flags' (#56804).
 
 	* src/type1/t1load.c (T1_Get_MM_Var): Allocate space for axis flags.
diff --git a/src/psaux/cffdecode.c b/src/psaux/cffdecode.c
index 17cccf8..06c6af4 100644
--- a/src/psaux/cffdecode.c
+++ b/src/psaux/cffdecode.c
@@ -330,7 +330,7 @@
     builder->left_bearing.x = 0;
     builder->left_bearing.y = 0;
 
-    builder->pos_x = adx - asb;
+    builder->pos_x = SUB_LONG( adx, asb );
     builder->pos_y = ady;
 
     /* Now load `achar' on top of the base outline. */
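Review bot: The new `SUB_LONG( adx, asb )` line removes the signed-overflow undefined behaviour, but if the macro wraps through unsigned arithmetic, as it appears to elsewhere in FreeType, `builder->pos_x` can still end up as an arbitrary wrapped offset when a malformed charstring supplies extreme `adx`/`asb` operands. A short comment above the assignment would record that the wraparound is intentional, e.g. `/* adx and asb come from the charstring; wrap instead of overflowing */`. If wrapped positions are not acceptable to the code that later consumes `pos_x`, the stricter option is to reject out-of-range operands with an error before this point; the rest of cff_operator_seac lies outside the hunk, so it is not visible whether such a range check already exists.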