ref: c5a225413ffd6f3e032cede5a14d64a2c2c047a2
parent: 0716c6ab7a1c43ba88192498d23e84178e216820
author: Werner Lemberg <[email protected]>
date: Sat Jun 3 02:13:10 EDT 2017
ftcalc.h: Avoid left-shift of negative numbers. Reported as https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2055 * include/freetype/internal/ftcalc.h (INT_TO_F26DOT6, INT_TO_F2DOT14, INT_TO_FIXED, F2DOT14_TO_FIXED): Use multiplication.
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,14 @@
+2017-06-03 Werner Lemberg <[email protected]>
+
+ ftcalc.h: Avoid left-shift of negative numbers.
+
+ Reported as
+
+ https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2055
+
+ * include/freetype/internal/ftcalc.h (INT_TO_F26DOT6,
+ INT_TO_F2DOT14, INT_TO_FIXED, F2DOT14_TO_FIXED): Use multiplication.
+
2017-06-02 Werner Lemberg <[email protected]>
[cff] Even more integer overflows.
--- a/include/freetype/internal/ftcalc.h
+++ b/include/freetype/internal/ftcalc.h
@@ -399,10 +399,10 @@
#endif /* 0 */
-#define INT_TO_F26DOT6( x ) ( (FT_Long)(x) << 6 )
-#define INT_TO_F2DOT14( x ) ( (FT_Long)(x) << 14 )
-#define INT_TO_FIXED( x ) ( (FT_Long)(x) << 16 )
-#define F2DOT14_TO_FIXED( x ) ( (FT_Long)(x) << 2 )
+#define INT_TO_F26DOT6( x ) ( (FT_Long)(x) * 64 ) /* << 6 */
+#define INT_TO_F2DOT14( x ) ( (FT_Long)(x) * 16384 ) /* << 14 */
+#define INT_TO_FIXED( x ) ( (FT_Long)(x) * 65536 ) /* << 16 */
+#define F2DOT14_TO_FIXED( x ) ( (FT_Long)(x) * 4 ) /* << 2 */
#define FIXED_TO_INT( x ) ( FT_RoundFix( x ) >> 16 )
#define ROUND_F26DOT6( x ) ( x >= 0 ? ( ( (x) + 32 ) & -64 ) \