Commit c5a225413ffd6f3e032cede5a14d64a2c2c047a2
2017-06-03T06:13:10
ftcalc.h: Avoid left-shift of negative numbers. Reported as https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2055 * include/freetype/internal/ftcalc.h (INT_TO_F26DOT6, INT_TO_F2DOT14, INT_TO_FIXED, F2DOT14_TO_FIXED): Use multiplication.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38
diff --git a/ChangeLog b/ChangeLog
index 77446ec..5976f0e 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,14 @@
+2017-06-03 Werner Lemberg <wl@gnu.org>
+
+ ftcalc.h: Avoid left-shift of negative numbers.
+
+ Reported as
+
+ https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2055
+
+ * include/freetype/internal/ftcalc.h (INT_TO_F26DOT6,
+ INT_TO_F2DOT14, INT_TO_FIXED, F2DOT14_TO_FIXED): Use multiplication.
+
2017-06-02 Werner Lemberg <wl@gnu.org>
[cff] Even more integer overflows.
diff --git a/include/freetype/internal/ftcalc.h b/include/freetype/internal/ftcalc.h
index 2b040fe..5902e19 100644
--- a/include/freetype/internal/ftcalc.h
+++ b/include/freetype/internal/ftcalc.h
@@ -399,10 +399,10 @@ FT_BEGIN_HEADER
#endif /* 0 */
-#define INT_TO_F26DOT6( x ) ( (FT_Long)(x) << 6 )
-#define INT_TO_F2DOT14( x ) ( (FT_Long)(x) << 14 )
-#define INT_TO_FIXED( x ) ( (FT_Long)(x) << 16 )
-#define F2DOT14_TO_FIXED( x ) ( (FT_Long)(x) << 2 )
+#define INT_TO_F26DOT6( x ) ( (FT_Long)(x) * 64 ) /* << 6 */
+#define INT_TO_F2DOT14( x ) ( (FT_Long)(x) * 16384 ) /* << 14 */
+#define INT_TO_FIXED( x ) ( (FT_Long)(x) * 65536 ) /* << 16 */
+#define F2DOT14_TO_FIXED( x ) ( (FT_Long)(x) * 4 ) /* << 2 */
#define FIXED_TO_INT( x ) ( FT_RoundFix( x ) >> 16 )
#define ROUND_F26DOT6( x ) ( x >= 0 ? ( ( (x) + 32 ) & -64 ) \