commit | 1ea343228d8987afae5f58908581c1e59e26e9ad | [log] [tgz] |
---|---|---|
author | Werner Lemberg <wl@gnu.org> | Sat Jun 03 06:52:13 2017 +0200 |
committer | Werner Lemberg <wl@gnu.org> | Sat Jun 03 06:52:13 2017 +0200 |
tree | 1edc34a46038737fc06f01cfb7b5c5340524d89a | |
parent | c5a225413ffd6f3e032cede5a14d64a2c2c047a2 [diff] |
[cff, truetype] Integer overflows. Reported as https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2047 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2057 * src/cff/cf2hints.c (cf2_hintmap_map): Use OVERFLOW_SUB_INT32. * src/truetype/ttinterp.c (Ins_ADD): Use OVERFLOW_ADD_LONG. (Ins_SUB): Use OVERFLOW_SUB_LONG. (Ins_NEG): Use NEG_LONG.