shithub: freetype+ttf2subf

Download patch

ref: 2a1597826a84275660e7410368200b37f85ffdaf
parent: 632a11f91f0d932ac498e9e6ca022c9903ab05e9
author: Werner Lemberg <[email protected]>
date: Tue Apr 17 08:25:17 EDT 2018 

[truetype] Integer overflow issues.

Reported as

  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=7739

* src/truetype/ttinterp.c (Ins_CEILING): Use FT_PIX_CEIL_LONG.

git/fs: mount .git/fs: mount/attach disallowed 
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,13 @@
+2018-04-17  Werner Lemberg  <[email protected]>
+
+	[truetype] Integer overflow issues.
+
+	Reported as
+
+	  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=7739
+
+	* src/truetype/ttinterp.c (Ins_CEILING): Use FT_PIX_CEIL_LONG.
+
 2018-04-16  Werner Lemberg  <[email protected]>
 
 	[truetype] Integer overflow issues.
--- a/src/truetype/ttinterp.c
+++ b/src/truetype/ttinterp.c
@@ -2954,7 +2954,7 @@
   static void
   Ins_CEILING( FT_Long*  args )
   {
-    args[0] = FT_PIX_CEIL( args[0] );
+    args[0] = FT_PIX_CEIL_LONG( args[0] );
   }