kc3-lang/freetype

Browse

Commit b7e43f7d7dc9a2fdb488c989162272e840c88bb8

Werner Lemberg 2017-10-08T11:58:39

* src/base/ftobjs.c (ft_glyphslot_preset_bitmap): Integer overflows. Reported as https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3579 

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69

diff --git a/ChangeLog b/ChangeLog
index 2e8c6d8..178ea06 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,11 @@
+2017-10-08  Werner Lemberg  <wl@gnu.org>
+
+	* src/base/ftobjs.c (ft_glyphslot_preset_bitmap): Integer overflows.
+
+	Reported as
+
+	  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3579
+
 2017-10-07  Werner Lemberg  <wl@gnu.org>
 
 	[sfnt] Adjust behaviour of PS font names for variation fonts.
diff --git a/src/base/ftobjs.c b/src/base/ftobjs.c
index 2258a31..3569ca2 100644
--- a/src/base/ftobjs.c
+++ b/src/base/ftobjs.c
@@ -372,29 +372,29 @@
       if ( cbox.xMax - cbox.xMin < 64 )
       {
         cbox.xMin = FT_PIX_FLOOR( cbox.xMin );
-        cbox.xMax = FT_PIX_CEIL( cbox.xMax );
+        cbox.xMax = FT_PIX_CEIL_LONG( cbox.xMax );
       }
       else
       {
-        cbox.xMin = FT_PIX_ROUND( cbox.xMin );
-        cbox.xMax = FT_PIX_ROUND( cbox.xMax );
+        cbox.xMin = FT_PIX_ROUND_LONG( cbox.xMin );
+        cbox.xMax = FT_PIX_ROUND_LONG( cbox.xMax );
       }
 
       if ( cbox.yMax - cbox.yMin < 64 )
       {
         cbox.yMin = FT_PIX_FLOOR( cbox.yMin );
-        cbox.yMax = FT_PIX_CEIL( cbox.yMax );
+        cbox.yMax = FT_PIX_CEIL_LONG( cbox.yMax );
       }
       else
       {
-        cbox.yMin = FT_PIX_ROUND( cbox.yMin );
-        cbox.yMax = FT_PIX_ROUND( cbox.yMax );
+        cbox.yMin = FT_PIX_ROUND_LONG( cbox.yMin );
+        cbox.yMax = FT_PIX_ROUND_LONG( cbox.yMax );
       }
 #else
       cbox.xMin = FT_PIX_FLOOR( cbox.xMin );
       cbox.yMin = FT_PIX_FLOOR( cbox.yMin );
-      cbox.xMax = FT_PIX_CEIL( cbox.xMax );
-      cbox.yMax = FT_PIX_CEIL( cbox.yMax );
+      cbox.xMax = FT_PIX_CEIL_LONG( cbox.xMax );
+      cbox.yMax = FT_PIX_CEIL_LONG( cbox.yMax );
 #endif
       break;
 
@@ -415,8 +415,8 @@
     Round:
       cbox.xMin = FT_PIX_FLOOR( cbox.xMin );
       cbox.yMin = FT_PIX_FLOOR( cbox.yMin );
-      cbox.xMax = FT_PIX_CEIL( cbox.xMax );
-      cbox.yMax = FT_PIX_CEIL( cbox.yMax );
+      cbox.xMax = FT_PIX_CEIL_LONG( cbox.xMax );
+      cbox.yMax = FT_PIX_CEIL_LONG( cbox.yMax );
     }
 
     x_shift = SUB_LONG( x_shift, cbox.xMin );
kmx.io     mail     discord kmxgit v0.4.0