mirrors/freetype
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

* src/base/ftobjs.c (ft_glyphslot_preset_bitmap): Integer overflows.

Browse Source 
Reported as

  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3579
This commit is contained in:
Werner Lemberg 2017-10-08 11:58:39 +02:00
parent 08e2e311ef
commit b7e43f7d7d
2 changed files with 18 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
ChangeLog
View File

@ -1,3 +1,11 @@
2017-10-08 Werner Lemberg <wl@gnu.org>
* src/base/ftobjs.c (ft_glyphslot_preset_bitmap): Integer overflows.
Reported as
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3579
2017-10-07 Werner Lemberg <wl@gnu.org>
[sfnt] Adjust behaviour of PS font names for variation fonts.

20
src/base/ftobjs.c
View File

@ -372,29 +372,29 @@
if ( cbox.xMax - cbox.xMin < 64 )
{
cbox.xMin = FT_PIX_FLOOR( cbox.xMin );
cbox.xMax = FT_PIX_CEIL( cbox.xMax );
cbox.xMax = FT_PIX_CEIL_LONG( cbox.xMax );
}
else
{
cbox.xMin = FT_PIX_ROUND( cbox.xMin );
cbox.xMax = FT_PIX_ROUND( cbox.xMax );
cbox.xMin = FT_PIX_ROUND_LONG( cbox.xMin );
cbox.xMax = FT_PIX_ROUND_LONG( cbox.xMax );
}
if ( cbox.yMax - cbox.yMin < 64 )
{
cbox.yMin = FT_PIX_FLOOR( cbox.yMin );
cbox.yMax = FT_PIX_CEIL( cbox.yMax );
cbox.yMax = FT_PIX_CEIL_LONG( cbox.yMax );
}
else
{
cbox.yMin = FT_PIX_ROUND( cbox.yMin );
cbox.yMax = FT_PIX_ROUND( cbox.yMax );
cbox.yMin = FT_PIX_ROUND_LONG( cbox.yMin );
cbox.yMax = FT_PIX_ROUND_LONG( cbox.yMax );
}
#else
cbox.xMin = FT_PIX_FLOOR( cbox.xMin );
cbox.yMin = FT_PIX_FLOOR( cbox.yMin );
cbox.xMax = FT_PIX_CEIL( cbox.xMax );
cbox.yMax = FT_PIX_CEIL( cbox.yMax );
cbox.xMax = FT_PIX_CEIL_LONG( cbox.xMax );
cbox.yMax = FT_PIX_CEIL_LONG( cbox.yMax );
#endif
break;
@ -415,8 +415,8 @@
Round:
cbox.xMin = FT_PIX_FLOOR( cbox.xMin );
cbox.yMin = FT_PIX_FLOOR( cbox.yMin );
cbox.xMax = FT_PIX_CEIL( cbox.xMax );
cbox.yMax = FT_PIX_CEIL( cbox.yMax );
cbox.xMax = FT_PIX_CEIL_LONG( cbox.xMax );
cbox.yMax = FT_PIX_CEIL_LONG( cbox.yMax );
}
x_shift = SUB_LONG( x_shift, cbox.xMin );