authorWerner Lemberg <wl@gnu.org>2018-10-29 21:25:10 +0100
committerWerner Lemberg <wl@gnu.org>2018-10-29 21:25:10 +0100
commitc13635ee4bf34e621816cd09d7f2baf918e20af8 (patch)
treedf170ad34e1397757b6246ab345f3eace7fe9c32
parentba62f9d8f5f85c6dda93b481271de37fb1f09e77 (diff)
downloadfreetype2-c13635ee4bf34e621816cd09d7f2baf918e20af8.tar.gz
[base] Fix numeric overflow.
Reported as https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=11080

* src/base/ftoutln.c (FT_Outline_Get_Orientation): Use `MUL_LONG'.
-rw-r--r--ChangeLog10
-rw-r--r--src/base/ftoutln.c3
2 files changed, 12 insertions, 1 deletions
diff --git a/ChangeLog b/ChangeLog
index 7854293d1..94879e578 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,15 @@
2018-10-29 Werner Lemberg <wl@gnu.org>
+ [base] Fix numeric overflow.
+
+ Reported as
+
+ https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=11080
+
+ * src/base/ftoutln.c (FT_Outline_Get_Orientation): Use `MUL_LONG'.
+
+2018-10-29 Werner Lemberg <wl@gnu.org>
+
[cff] Fix numeric overflow.
Reported as
diff --git a/src/base/ftoutln.c b/src/base/ftoutln.c
index 85a469737..f54ebdf5c 100644
--- a/src/base/ftoutln.c
+++ b/src/base/ftoutln.c
@@ -1076,7 +1076,8 @@
v_cur.y = points[n].y >> yshift;
area = ADD_LONG( area,
- ( v_cur.y - v_prev.y ) * ( v_cur.x + v_prev.x ) );
+ MUL_LONG( v_cur.y - v_prev.y,
+ v_cur.x + v_prev.x ) );
v_prev = v_cur;
}
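Review bot: The operands handed to `MUL_LONG` are still formed with plain signed `-` and `+`, so if the shifted coordinates can be large enough for the product to overflow, the difference `v_cur.y - v_prev.y` or the sum `v_cur.x + v_prev.x` may be able to overflow as well; the shifts that bound them are computed outside this hunk, so this needs checking against the reported fuzzer input. Using the existing helpers for all three steps would close that off: `MUL_LONG( SUB_LONG( v_cur.y, v_prev.y ), ADD_LONG( v_cur.x, v_prev.x ) )`. A short comment is also worth adding here, because these macros appear to wrap rather than saturate: for such outlines the sign of `area`, and the orientation presumably derived from it, is free of undefined behaviour but not meaningful. The loop and the rest of FT_Outline_Get_Orientation lie outside the hunk.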