[freetype2] master bd9400b: [truetype] Integer overflow issues.

freetype-commit

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[freetype2] master bd9400b: [truetype] Integer overflow issues.

From:	Werner LEMBERG
Subject:	[freetype2] master bd9400b: [truetype] Integer overflow issues.
Date:	Mon, 9 Apr 2018 15:29:22 -0400 (EDT)

branch: master
commit bd9400bd464f6cd7c74f52ece1c1065fe2a87aab
Author: Werner Lemberg <address@hidden>
Commit: Werner Lemberg <address@hidden>

    [truetype] Integer overflow issues.
    
    Reported as
    
      https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=7453
    
    * src/truetype/ttinterp.c (Round_Super, Round_Super_45): Use
    ADD_LONG and SUB_LONG.
---
 ChangeLog               | 11 +++++++++++
 src/truetype/ttinterp.c |  8 ++++----
 2 files changed, 15 insertions(+), 4 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 57540b4..01ed40e 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,14 @@
+2018-04-09  Werner Lemberg  <address@hidden>
+
+       [truetype] Integer overflow issues.
+
+       Reported as
+
+         https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=7453
+
+       * src/truetype/ttinterp.c (Round_Super, Round_Super_45): Use
+       ADD_LONG and SUB_LONG.
+
 2018-04-06  Alexei Podtelezhnikov  <address@hidden>
 
        [windows, wince] Clean up legacy project files.
diff --git a/src/truetype/ttinterp.c b/src/truetype/ttinterp.c
index 240dae9..6a5b823 100644
--- a/src/truetype/ttinterp.c
+++ b/src/truetype/ttinterp.c
@@ -2165,7 +2165,7 @@
       val = ADD_LONG( distance,
                       exc->threshold - exc->phase + compensation ) &
               -exc->period;
-      val += exc->phase;
+      val = ADD_LONG( val, exc->phase );
       if ( val < 0 )
         val = exc->phase;
     }
@@ -2174,7 +2174,7 @@
       val = NEG_LONG( SUB_LONG( exc->threshold - exc->phase + compensation,
                                 distance ) &
                         -exc->period );
-      val -= exc->phase;
+      val = SUB_LONG( val, exc->phase );
       if ( val > 0 )
         val = -exc->phase;
     }
@@ -2216,7 +2216,7 @@
       val = ( ADD_LONG( distance,
                         exc->threshold - exc->phase + compensation ) /
                 exc->period ) * exc->period;
-      val += exc->phase;
+      val = ADD_LONG( val, exc->phase );
       if ( val < 0 )
         val = exc->phase;
     }
@@ -2225,7 +2225,7 @@
       val = NEG_LONG( ( SUB_LONG( exc->threshold - exc->phase + compensation,
                                   distance ) /
                           exc->period ) * exc->period );
-      val -= exc->phase;
+      val = SUB_LONG( val, exc->phase );
       if ( val > 0 )
         val = -exc->phase;
     }

[Prev in Thread]

Current Thread

[Next in Thread]

[freetype2] master bd9400b: [truetype] Integer overflow issues., Werner LEMBERG <=

Prev by Date: [freetype2] master cdddeff: [windows, wince] Clean up legacy project files.
Next by Date: [freetype2] master 029721d: Modernize CMake build.
Previous by thread: [freetype2] master cdddeff: [windows, wince] Clean up legacy project files.
Next by thread: [freetype2] master 029721d: Modernize CMake build.
Index(es):
- Date
- Thread