[freetype2] master 70ac167: [truetype] Integer overflow issues.

freetype-commit

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[freetype2] master 70ac167: [truetype] Integer overflow issues.

From:	Werner LEMBERG
Subject:	[freetype2] master 70ac167: [truetype] Integer overflow issues.
Date:	Mon, 16 Apr 2018 04:39:25 -0400 (EDT)

branch: master
commit 70ac167c47f5ca966fb578b1f215430f46915a49
Author: Werner Lemberg <address@hidden>
Commit: Werner Lemberg <address@hidden>

    [truetype] Integer overflow issues.
    
    Reported as
    
      https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=7718
    
    * src/truetype/ttinterp.c (Ins_MIRP): Use ADD_LONG.
---
 ChangeLog               | 14 ++++++++++++--
 src/truetype/ttinterp.c |  2 +-
 2 files changed, 13 insertions(+), 3 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 0197dcb..3162560 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,13 @@
+2018-04-16  Werner Lemberg  <address@hidden>
+
+       [truetype] Integer overflow issues.
+
+       Reported as
+
+         https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=7718
+
+       * src/truetype/ttinterp.c (Ins_MIRP): Use ADD_LONG.
+
 2018-04-15  Alexei Podtelezhnikov  <address@hidden>
 
        [build] Use `info' function of make 3.81.
@@ -46,7 +56,7 @@
 
 2018-04-10  Nikolaus Waxweiler  <address@hidden>
 
-       * CMakeLists.txt, builds/cmake/FindHarfBuzz.cmake: Extensive 
+       * CMakeLists.txt, builds/cmake/FindHarfBuzz.cmake: Extensive
        modernization measures.
 
        This brings up the minimum required CMake version to 2.8.12.
@@ -102,7 +112,7 @@
        builds/windows/vc2008/freetype.vcproj,
        builds/windows/visualce/freetype.vcproj,
        builds/windows/visualce/freetype.dsp,
-       builds/windows/visualc/freetype.vcproj, 
+       builds/windows/visualc/freetype.vcproj,
        builds/windows/visualc/freetype.dsp: Remove per-file compile flags.
 
 2018-04-04  Werner Lemberg  <address@hidden>
diff --git a/src/truetype/ttinterp.c b/src/truetype/ttinterp.c
index c66c699..336b46b 100644
--- a/src/truetype/ttinterp.c
+++ b/src/truetype/ttinterp.c
@@ -6193,7 +6193,7 @@
     minimum_distance    = exc->GS.minimum_distance;
     control_value_cutin = exc->GS.control_value_cutin;
     point               = (FT_UShort)args[0];
-    cvtEntry            = (FT_ULong)( args[1] + 1 );
+    cvtEntry            = (FT_ULong)( ADD_LONG( args[1], 1 ) );
 
 #ifdef TT_SUPPORT_SUBPIXEL_HINTING_INFINALITY
     if ( SUBPIXEL_HINTING_INFINALITY                        &&

[Prev in Thread]

Current Thread

[Next in Thread]

[freetype2] master 70ac167: [truetype] Integer overflow issues., Werner LEMBERG <=

Prev by Date: [freetype2] master 939bbee: [docmaker] Make it work with python3.
Next by Date: [freetype2] master 632a11f: CHANGES: Mention CVE-2018-6942.
Previous by thread: [freetype2] master 939bbee: [docmaker] Make it work with python3.
Next by thread: [freetype2] master 632a11f: CHANGES: Mention CVE-2018-6942.
Index(es):
- Date
- Thread