freetype-commit

[freetype2] master bfe5329: [psaux] Fix numeric overflow.


From: Werner LEMBERG
Subject: [freetype2] master bfe5329: [psaux] Fix numeric overflow.
Date: Fri, 26 Oct 2018 18:08:45 -0400 (EDT)

branch: master
commit bfe53294757b03873b1432b7c1cd3e027802c634
Author: Werner Lemberg <address@hidden>
Commit: Werner Lemberg <address@hidden>

    [psaux] Fix numeric overflow.
    
    Triggered by
    
      https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=11157
    
    * src/psaux/cffdecode.c (cff_decoder_parse_charstrings) <cff_op_blend>
    [CFF_CONFIG_OPTION_OLD_ENGINE]: Fix integer overflow.
---
 ChangeLog             | 11 +++++++++++
 src/psaux/cffdecode.c |  3 ++-
 2 files changed, 13 insertions(+), 1 deletion(-)

diff --git a/ChangeLog b/ChangeLog
index d96be84..5bb6ba7 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,14 @@
+2018-10-27  Werner Lemberg  <address@hidden>
+
+       [psaux] Fix numeric overflow.
+
+       Triggered by
+
+         https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=11157
+
+       * src/psaux/cffdecode.c (cff_decoder_parse_charstrings) <cff_op_blend>
+       [CFF_CONFIG_OPTION_OLD_ENGINE]: Fix integer overflow.
+
 2018-10-20  Werner Lemberg  <address@hidden>
 
        Avoid endless loop while tracing (#54858).
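Review bot: The new ChangeLog entry says "Fix integer overflow" for `<cff_op_blend>` but does not name the expression that overflowed or how it is now guarded. Stating that the multiplication of `num_results` by `num_designs` is now preceded by a `num_results > num_args` check would let a reader of the log tell what kind of input triggered the fuzzer report without opening the diff.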
diff --git a/src/psaux/cffdecode.c b/src/psaux/cffdecode.c
index 58a516f..ac1bc1f 100644
--- a/src/psaux/cffdecode.c
+++ b/src/psaux/cffdecode.c
@@ -1950,7 +1950,8 @@
             if ( num_results < 0 )
               goto Syntax_Error;
 
-            if ( num_results * (FT_Int)num_designs > num_args )
+            if ( num_results > num_args                       ||
+                 num_results * (FT_Int)num_designs > num_args )
               goto Stack_Underflow;
 
             /* since we currently don't handle interpolation of multiple */
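Review bot: The added clause `num_results > num_args` keeps the overflow away only because `||` short-circuits before `num_results * (FT_Int)num_designs` is evaluated, and the product itself is still computed in `FT_Int` whenever the first clause is false. With `num_results` now limited to `num_args`, the multiplication is safe only if `num_args` times `num_designs` fits in `FT_Int`, which depends on limits that are not visible in this hunk. Consider either a short comment stating the bound that makes the second clause safe, or a division-based form such as `num_results > num_args / (FT_Int)num_designs` (with `num_designs` checked to be non-zero first), which avoids the multiplication altogether and does not rely on evaluation order.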


