commit | 9fa8a2997f869c6172a12a9497b3ca649806ec4d | |
---|---|---|
author | Werner Lemberg <wl@gnu.org> | Sun Jun 04 20:43:08 2017 +0200 |
committer | Werner Lemberg <wl@gnu.org> | Sun Jun 04 20:43:08 2017 +0200 |
tree | 3129db6d7e285e4a9760f50d6fdf46d749bc08fa | |
parent | addb2dddb6fd4be32ea16b44831e4cc99bbc9693 | |

[cff, truetype] Integer overflows.

Reported as

  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2075
  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2088

* src/cff/cf2font.c (cf2_font_setup): Use OVERFLOW_MUL_INT32.

* src/truetype/ttinterp.c (Ins_ISECT): Use OVERFLOW_MUL_LONG, OVERFLOW_ADD_LONG, and OVERFLOW_SUB_LONG.