ref: b7e43f7d7dc9a2fdb488c989162272e840c88bb8
parent: 08e2e311ef0d59e45f845fbd24cc20bea6e2e72d
author: Werner Lemberg <[email protected]>
date: Sun Oct 8 07:58:39 EDT 2017
* src/base/ftobjs.c (ft_glyphslot_preset_bitmap): Integer overflows. Reported as https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3579
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,11 @@
+2017-10-08 Werner Lemberg <[email protected]>
+
+ * src/base/ftobjs.c (ft_glyphslot_preset_bitmap): Integer overflows.
+
+ Reported as
+
+ https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3579
+
2017-10-07 Werner Lemberg <[email protected]>
[sfnt] Adjust behaviour of PS font names for variation fonts.
--- a/src/base/ftobjs.c
+++ b/src/base/ftobjs.c
@@ -372,29 +372,29 @@
if ( cbox.xMax - cbox.xMin < 64 )
{cbox.xMin = FT_PIX_FLOOR( cbox.xMin );
- cbox.xMax = FT_PIX_CEIL( cbox.xMax );
+ cbox.xMax = FT_PIX_CEIL_LONG( cbox.xMax );
}
else
{- cbox.xMin = FT_PIX_ROUND( cbox.xMin );
- cbox.xMax = FT_PIX_ROUND( cbox.xMax );
+ cbox.xMin = FT_PIX_ROUND_LONG( cbox.xMin );
+ cbox.xMax = FT_PIX_ROUND_LONG( cbox.xMax );
}
if ( cbox.yMax - cbox.yMin < 64 )
{cbox.yMin = FT_PIX_FLOOR( cbox.yMin );
- cbox.yMax = FT_PIX_CEIL( cbox.yMax );
+ cbox.yMax = FT_PIX_CEIL_LONG( cbox.yMax );
}
else
{- cbox.yMin = FT_PIX_ROUND( cbox.yMin );
- cbox.yMax = FT_PIX_ROUND( cbox.yMax );
+ cbox.yMin = FT_PIX_ROUND_LONG( cbox.yMin );
+ cbox.yMax = FT_PIX_ROUND_LONG( cbox.yMax );
}
#else
cbox.xMin = FT_PIX_FLOOR( cbox.xMin );
cbox.yMin = FT_PIX_FLOOR( cbox.yMin );
- cbox.xMax = FT_PIX_CEIL( cbox.xMax );
- cbox.yMax = FT_PIX_CEIL( cbox.yMax );
+ cbox.xMax = FT_PIX_CEIL_LONG( cbox.xMax );
+ cbox.yMax = FT_PIX_CEIL_LONG( cbox.yMax );
#endif
break;
@@ -415,8 +415,8 @@
Round:
cbox.xMin = FT_PIX_FLOOR( cbox.xMin );
cbox.yMin = FT_PIX_FLOOR( cbox.yMin );
- cbox.xMax = FT_PIX_CEIL( cbox.xMax );
- cbox.yMax = FT_PIX_CEIL( cbox.yMax );
+ cbox.xMax = FT_PIX_CEIL_LONG( cbox.xMax );
+ cbox.yMax = FT_PIX_CEIL_LONG( cbox.yMax );
}
x_shift = SUB_LONG( x_shift, cbox.xMin );