ref: 079a22da037835daf5be2bd9eccf7bc1eaa2e783
parent: 978eefee5401abee6bf702c6bcde9afb47893145
author: Werner Lemberg <wl@gnu.org>
date: Tue Apr 19 05:28:21 EDT 2022
* src/truetype/ttgload.c (TT_Process_Simple_Glyph): Integer overflow. Reported as https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=46792
--- a/src/truetype/ttgload.c
+++ b/src/truetype/ttgload.c
@@ -1104,8 +1104,8 @@
for ( ; vec < limit; vec++, u++ )
{
- vec->x = ( FT_MulFix( u->x, x_scale ) + 32 ) >> 6;
- vec->y = ( FT_MulFix( u->y, y_scale ) + 32 ) >> 6;
+ vec->x = ADD_LONG( FT_MulFix( u->x, x_scale ), 32 ) >> 6;
+ vec->y = ADD_LONG( FT_MulFix( u->y, y_scale ), 32 ) >> 6;
}
}
else
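Review bot: The two `ADD_LONG` lines have no comment explaining why a macro replaces the plain `+ 32`, so a later cleanup could restore the signed addition and bring back the overflow that the fuzzer reported. A one-line comment above the assignments would cover it, for example `/* use ADD_LONG: the rounding add must not overflow on malformed glyph data */`. `ADD_LONG` presumably does the addition in unsigned arithmetic and wraps rather than saturating, so an extreme `FT_MulFix` result still produces a wrapped coordinate after `>> 6` instead of an error. Whether later stages tolerate such out-of-range points cannot be seen from this hunk and is worth confirming. The enclosing block and `TT_Process_Simple_Glyph` itself begin and end outside the hunk.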