ref: 6d04bd991bf4ab1c77f0cffe2f317920d00b6c46
parent: 1ad07c1c79841e54ff3d5c37e28bfb91f402ee84
author: Werner Lemberg <[email protected]>
date: Thu Sep 21 17:22:51 EDT 2017
[truetype] Integer overflow (#52082). * src/truetype/ttinterp.c (Ins_MDRP): Avoid FT_ABS.
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,11 @@
2017-09-21 Werner Lemberg <[email protected]>
+ [truetype] Integer overflow (#52082).
+
+ * src/truetype/ttinterp.c (Ins_MDRP): Avoid FT_ABS.
+
+2017-09-21 Werner Lemberg <[email protected]>
+
[sfnt] Fix postscript name for default instance of variation fonts.
Problem reported by Behdad.
--- a/src/truetype/ttinterp.c
+++ b/src/truetype/ttinterp.c
@@ -6078,8 +6078,9 @@
/* single width cut-in test */
- if ( FT_ABS( org_dist - exc->GS.single_width_value ) <
- exc->GS.single_width_cutin )
+ /* |org_dist - single_width_value| < single_width_cutin */
+ if ( org_dist < exc->GS.single_width_value + exc->GS.single_width_cutin ||
+ org_dist > exc->GS.single_width_value - exc->GS.single_width_cutin )
{if ( org_dist >= 0 )
org_dist = exc->GS.single_width_value;