ref: 9adc3b35f1a6909c1785c42ae7b8cf369634b225
parent: 7d1d3b9a0e9310376a559ad2eac8a9dc4c60ce59
author: Werner Lemberg <[email protected]>
date: Mon Aug 26 16:36:19 EDT 2019
* src/psaux/cffdecode.c (cff_operator_seac): Fix numeric overflow. Reported as https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16470
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,13 @@
2019-08-26 Werner Lemberg <[email protected]>
+ * src/psaux/cffdecode.c (cff_operator_seac): Fix numeric overflow.
+
+ Reported as
+
+ https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16470
+
+2019-08-26 Werner Lemberg <[email protected]>
+
[type1] Fix `FT_Get_Var_Axis_Flags' (#56804).
* src/type1/t1load.c (T1_Get_MM_Var): Allocate space for axis flags.
--- a/src/psaux/cffdecode.c
+++ b/src/psaux/cffdecode.c
@@ -330,7 +330,7 @@
builder->left_bearing.x = 0;
builder->left_bearing.y = 0;
- builder->pos_x = adx - asb;
+ builder->pos_x = SUB_LONG( adx, asb );
builder->pos_y = ady;
/* Now load `achar' on top of the base outline. */
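Review bot: The new `SUB_LONG( adx, asb )` assignment to `builder->pos_x` removes the signed-overflow undefined behaviour, but if the macro wraps rather than saturates (its definition is not in this hunk), an extreme operand pair still produces a wrapped offset with no error or trace message. `adx` and `asb` presumably come from the font's charstring, so a comment on that line would help, for example `/* operands come from the charstring; SUB_LONG wraps instead of overflowing */`. It is also worth checking that later arithmetic that adds `pos_x` to outline coordinates is overflow-safe. cff_operator_seac starts and ends outside the hunk, so any earlier range check on the operands is not visible here.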