shithub: freetype+ttf2subf


ref: ec7d2e5f683dab0d1471cbc1f25d0e65aae63b5d
parent: 97cd12657daf11fea4aee85c94716e3663f94fc8
author: Werner Lemberg <[email protected]>
date: Thu Sep 28 10:21:34 EDT 2017

* src/psaux/psintrp.c (cf2_doStems): Fix integer overflow.

Reported as

  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3510

--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,11 @@
+2017-09-28  Werner Lemberg  <[email protected]>
+
+	* src/psaux/psintrp.c (cf2_doStems): Fix integer overflow.
+
+	Reported as
+
+	  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3510
+
 2017-09-28  Ewald Hew  <[email protected]>
 
 	* src/cid/cidgload.c (cid_slot_load_glyph): Fix memory leak.
--- a/src/psaux/psintrp.c
+++ b/src/psaux/psintrp.c
@@ -297,8 +297,8 @@
                  " No width. Use hsbw/sbw as first op\n" ));
     }
     if ( !font->isT1 && hasWidthArg && !*haveWidth )
-      *width = cf2_stack_getReal( opStack, 0 ) +
-                 cf2_getNominalWidthX( font->decoder );
+      *width = ADD_INT32( cf2_stack_getReal( opStack, 0 ),
+                          cf2_getNominalWidthX( font->decoder ) );
 
     if ( font->decoder->width_only )
       goto exit;
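Review bot: The `ADD_INT32` call in the `*width` assignment removes the signed-overflow undefined behaviour, but if it is the usual wrap-around helper, a width built from the charstring operand can still wrap silently to an unrelated value and is stored without a range check. That is defined behaviour and probably acceptable for a malformed font, but the reason is not recorded at the call site. A comment above the assignment, such as `/* operand is font-supplied; wrap instead of overflowing (oss-fuzz 3510) */`, would keep a later cleanup from reverting to plain `+`. The rest of `cf2_doStems` lies outside this hunk, so any other additions on `cf2_stack_getReal()` results there should be checked for the same pattern.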