[freetype2] master 7a4276f: [cff] More integer overflows.

freetype-commit

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[freetype2] master 7a4276f: [cff] More integer overflows.

From:	Werner LEMBERG
Subject:	[freetype2] master 7a4276f: [cff] More integer overflows.
Date:	Fri, 2 Jun 2017 03:21:53 -0400 (EDT)

branch: master
commit 7a4276fb9095430b86b329f52fb8dfe26f966dcd
Author: Werner Lemberg <address@hidden>
Commit: Werner Lemberg <address@hidden>

    [cff] More integer overflows.
    
    Reported as
    
      https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2032
    
    * src/cff/cf2blues.c (cf2_blues_init): Use OVERFLOW_SUB_INT32.
---
 ChangeLog          | 10 ++++++++++
 src/cff/cf2blues.c |  9 ++++++---
 2 files changed, 16 insertions(+), 3 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 6194a2f..1b7335d 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,15 @@
 2017-06-02  Werner Lemberg  <address@hidden>
 
+       [cff] More integer overflows.
+
+       Reported as
+
+         https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2032
+
+       * src/cff/cf2blues.c (cf2_blues_init): Use OVERFLOW_SUB_INT32.
+
+2017-06-02  Werner Lemberg  <address@hidden>
+
        [bdf] Don't left-shift negative numbers.
 
        Reported as
diff --git a/src/cff/cf2blues.c b/src/cff/cf2blues.c
index 141d0fc..950c714 100644
--- a/src/cff/cf2blues.c
+++ b/src/cff/cf2blues.c
@@ -301,7 +301,8 @@
           /* top edge */
           flatFamilyEdge = cf2_blueToFixed( familyOtherBlues[j + 1] );
 
-          diff = cf2_fixedAbs( flatEdge - flatFamilyEdge );
+          diff = cf2_fixedAbs( OVERFLOW_SUB_INT32( flatEdge,
+                                                   flatFamilyEdge ) );
 
           if ( diff < minDiff && diff < csUnitsPerPixel )
           {
@@ -319,7 +320,8 @@
           /* top edge */
           flatFamilyEdge = cf2_blueToFixed( familyBlues[1] );
 
-          diff = cf2_fixedAbs( flatEdge - flatFamilyEdge );
+          diff = cf2_fixedAbs( OVERFLOW_SUB_INT32( flatEdge,
+                                                   flatFamilyEdge ) );
 
           if ( diff < minDiff && diff < csUnitsPerPixel )
             blues->zone[i].csFlatEdge = flatFamilyEdge;
@@ -342,7 +344,8 @@
           /* adjust edges of top zone upward by twice darkening amount */
           flatFamilyEdge += 2 * font->darkenY;      /* bottom edge */
 
-          diff = cf2_fixedAbs( flatEdge - flatFamilyEdge );
+          diff = cf2_fixedAbs( OVERFLOW_SUB_INT32( flatEdge,
+                                                   flatFamilyEdge ) );
 
           if ( diff < minDiff && diff < csUnitsPerPixel )
           {

[Prev in Thread]

Current Thread

[Next in Thread]

[freetype2] master 7a4276f: [cff] More integer overflows., Werner LEMBERG <=

Prev by Date: [freetype2] master 03b0cc2: [bdf] Don't left-shift negative numbers.
Next by Date: [freetype2] master 0716c6a: [cff] Even more integer overflows.
Previous by thread: [freetype2] master 03b0cc2: [bdf] Don't left-shift negative numbers.
Next by thread: [freetype2] master 0716c6a: [cff] Even more integer overflows.
Index(es):
- Date
- Thread