ref: fda356b742da3b1c0e2bf039227fa324b97b9f8b
parent: 839cb404cf73f4410d58ebb3a99d16e08f4bdee7
author: Armin Hasitzka <[email protected]>
date: Mon Jul 16 14:45:23 EDT 2018
* include/freetype/internal/ftcalc.h: Add macros for handling harmless over-/underflowing `FT_Int' values. * src/sfnt/sfdriver.c (fixed2float): Fix negation of `(int)(-2147483648)'. Reported as https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9423
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,15 @@
+2018-07-16 Armin Hasitzka <[email protected]>
+
+ * include/freetype/internal/ftcalc.h: Add macros for handling
+ harmless over-/underflowing `FT_Int' values.
+
+ * src/sfnt/sfdriver.c (fixed2float): Fix negation of
+ `(int)(-2147483648)'.
+
+ Reported as
+
+ https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9423
+
2018-07-16 Werner Lemberg <[email protected]>
* src/truetype/ttgxvar.c (tt_set_mm_blend): Fix off-by-one error.
--- a/include/freetype/internal/ftcalc.h
+++ b/include/freetype/internal/ftcalc.h
@@ -462,6 +462,15 @@
*
* Use with care!
*/
+#define ADD_INT( a, b ) \
+ (FT_Int)( (FT_UInt)(a) + (FT_UInt)(b) )
+#define SUB_INT( a, b ) \
+ (FT_Int)( (FT_UInt)(a) - (FT_UInt)(b) )
+#define MUL_INT( a, b ) \
+ (FT_Int)( (FT_UInt)(a) * (FT_UInt)(b) )
+#define NEG_INT( a ) \
+ (FT_Int)( (FT_UInt)0 - (FT_UInt)(a) )
+
#define ADD_LONG( a, b ) \
(FT_Long)( (FT_ULong)(a) + (FT_ULong)(b) )
#define SUB_LONG( a, b ) \
--- a/src/sfnt/sfdriver.c
+++ b/src/sfnt/sfdriver.c
@@ -677,7 +677,7 @@
if ( fixed < 0 )
{*p++ = '-';
- fixed = -fixed;
+ fixed = NEG_INT( fixed );
}
int_part = ( fixed >> 16 ) & 0xFFFF;