diff options
author | Werner Lemberg <wl@gnu.org> | 2018-12-25 19:24:06 +0100 |
---|---|---|
committer | Werner Lemberg <wl@gnu.org> | 2018-12-25 19:24:06 +0100 |
commit | 5e02965905e64e543a92d8d29fba32c86b350104 (patch) | |
tree | 298ad3e0d021293380802872b7c6a13f6c1b076b | |
parent | ec439711b1d32ea8182fa98df73166120b7b0cb0 (diff) | |
download | freetype2-5e02965905e64e543a92d8d29fba32c86b350104.tar.gz |
* src/psaux/cffdecode.c (cff_operaor_seac): Fix numeric overflow.
Reported as
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=11915
-rw-r--r-- | ChangeLog | 8 | ||||
-rw-r--r-- | src/psaux/cffdecode.c | 4 |
2 files changed, 10 insertions, 2 deletions
@@ -1,3 +1,11 @@ +2018-12-25 Werner Lemberg <wl@gnu.org> + + * src/psaux/cffdecode.c (cff_operaor_seac): Fix numeric overflow. + + Reported as + + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=11915 + 2018-12-12 Werner Lemberg <wl@gnu.org> [gxvalid] Fix compiler warnings. diff --git a/src/psaux/cffdecode.c b/src/psaux/cffdecode.c index 09a77cd3c..def2b228c 100644 --- a/src/psaux/cffdecode.c +++ b/src/psaux/cffdecode.c @@ -235,8 +235,8 @@ return FT_THROW( Syntax_Error ); } - adx += decoder->builder.left_bearing.x; - ady += decoder->builder.left_bearing.y; + adx = ADD_LONG( adx, decoder->builder.left_bearing.x ); + ady = ADD_LONG( ady, decoder->builder.left_bearing.y ); #ifdef FT_CONFIG_OPTION_INCREMENTAL /* Incremental fonts don't necessarily have valid charsets. */ |