* src/psaux/cffdecode.c (cff_operaor_seac): Fix numeric overflow.

Reported as https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=11915
author: Werner Lemberg <wl@gnu.org> 2018-12-25 19:24:06 +0100
committer: Werner Lemberg <wl@gnu.org> 2018-12-25 19:24:06 +0100
commit: 5e02965905e64e543a92d8d29fba32c86b350104 (patch)
tree: 298ad3e0d021293380802872b7c6a13f6c1b076b
parent: ec439711b1d32ea8182fa98df73166120b7b0cb0 (diff)
download: freetype2-5e02965905e64e543a92d8d29fba32c86b350104.tar.gz
2 files changed, 10 insertions, 2 deletions
diff --git a/ChangeLog b/ChangeLog
index a6c02b9b0..c9629a882 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,11 @@
+2018-12-25  Werner Lemberg  <wl@gnu.org>
+
+	* src/psaux/cffdecode.c (cff_operaor_seac): Fix numeric overflow.
+
+	Reported as
+
+	  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=11915
+
 2018-12-12  Werner Lemberg  <wl@gnu.org>
 
 	[gxvalid] Fix compiler warnings.
diff --git a/src/psaux/cffdecode.c b/src/psaux/cffdecode.c
index 09a77cd3c..def2b228c 100644
--- a/src/psaux/cffdecode.c
+++ b/src/psaux/cffdecode.c
@@ -235,8 +235,8 @@
       return FT_THROW( Syntax_Error );
     }
 
-    adx += decoder->builder.left_bearing.x;
-    ady += decoder->builder.left_bearing.y;
+    adx = ADD_LONG( adx, decoder->builder.left_bearing.x );
+    ady = ADD_LONG( ady, decoder->builder.left_bearing.y );
 
 #ifdef FT_CONFIG_OPTION_INCREMENTAL
     /* Incremental fonts don't necessarily have valid charsets.        */
author	Werner Lemberg <wl@gnu.org>	2018-12-25 19:24:06 +0100
committer	Werner Lemberg <wl@gnu.org>	2018-12-25 19:24:06 +0100
commit	5e02965905e64e543a92d8d29fba32c86b350104 (patch)
tree	298ad3e0d021293380802872b7c6a13f6c1b076b
parent	ec439711b1d32ea8182fa98df73166120b7b0cb0 (diff)
download	freetype2-5e02965905e64e543a92d8d29fba32c86b350104.tar.gz