shithub: freetype+ttf2subf

Download patch

ref: 9adc3b35f1a6909c1785c42ae7b8cf369634b225
parent: 7d1d3b9a0e9310376a559ad2eac8a9dc4c60ce59
author: Werner Lemberg <wl@gnu.org>
date: Mon Aug 26 16:36:19 EDT 2019

* src/psaux/cffdecode.c (cff_operator_seac): Fix numeric overflow.

Reported as

  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16470

git/fs: mount .git/fs: mount/attach disallowed
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,13 @@
 2019-08-26  Werner Lemberg  <wl@gnu.org>
 
+	* src/psaux/cffdecode.c (cff_operator_seac): Fix numeric overflow.
+
+	Reported as
+
+	  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16470
+
+2019-08-26  Werner Lemberg  <wl@gnu.org>
+
 	[type1] Fix `FT_Get_Var_Axis_Flags' (#56804).
 
 	* src/type1/t1load.c (T1_Get_MM_Var): Allocate space for axis flags.
--- a/src/psaux/cffdecode.c
+++ b/src/psaux/cffdecode.c
@@ -330,7 +330,7 @@
     builder->left_bearing.x = 0;
     builder->left_bearing.y = 0;
 
-    builder->pos_x = adx - asb;
+    builder->pos_x = SUB_LONG( adx, asb );
     builder->pos_y = ady;
 
     /* Now load `achar' on top of the base outline. */