Commit c3083e459584d0e8481fa2401232c8a3145fae4b

Werner Lemberg 2017-10-05T14:32:24

* src/base/ftobjs.c (ft_glyphslot_preset_bitmap): Fix integer overflow. Reported as https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3539

diff --git a/ChangeLog b/ChangeLog
index 1890cbf..f131f2f 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,14 @@
 2017-10-05  Werner Lemberg  <wl@gnu.org>
 
+	* src/base/ftobjs.c (ft_glyphslot_preset_bitmap): Fix integer
+	overflow.
+
+	Reported as
+
+	  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3539
+
+2017-10-05  Werner Lemberg  <wl@gnu.org>
+
 	Fix compiler warnings.
 
 	* src/cff/cffdrivr.c (cff_ps_get_font_extra): Avoid code that relies
diff --git a/src/base/ftobjs.c b/src/base/ftobjs.c
index 79e7511..2258a31 100644
--- a/src/base/ftobjs.c
+++ b/src/base/ftobjs.c
@@ -419,8 +419,8 @@
       cbox.yMax = FT_PIX_CEIL( cbox.yMax );
     }
 
-    x_shift -= cbox.xMin;
-    y_shift -= cbox.yMin;
+    x_shift = SUB_LONG( x_shift, cbox.xMin );
+    y_shift = SUB_LONG( y_shift, cbox.yMin );
 
     x_left = cbox.xMin >> 6;
     y_top  = cbox.yMax >> 6;
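Review bot: The two `SUB_LONG` calls remove the undefined signed overflow, but if the macro wraps modulo the word size (as FreeType's overflow helpers normally do), an out-of-range `cbox` from a malformed font still produces a wrapped `x_shift`/`y_shift` that is carried forward silently instead of being rejected. The hunk does not show where these values, or the `x_left`/`y_top` derived just below, are range-checked before they are used. It is worth confirming that such a check exists later in the function and recording the dependency here, e.g. `/* SUB_LONG wraps on overflow; the shift is only meaningful once the bitmap dimensions have been range-checked */`. The enclosing function starts and ends outside the hunk, so this cannot be settled from the visible lines alone.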