[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[freetype2] master 546237e1b: * src/truetype/ttgxvar.c (ft_var_to_normal
|
From: |
Werner Lemberg |
|
Subject: |
[freetype2] master 546237e1b: * src/truetype/ttgxvar.c (ft_var_to_normalized): Integer overflow. |
|
Date: |
Fri, 23 Feb 2024 05:57:13 -0500 (EST) |
branch: master
commit 546237e1bbbb1269b5f76a878ea5eed3c8e268b5
Author: Werner Lemberg <wl@gnu.org>
Commit: Werner Lemberg <wl@gnu.org>
* src/truetype/ttgxvar.c (ft_var_to_normalized): Integer overflow.
Reported as
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=66543
---
src/truetype/ttgxvar.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/truetype/ttgxvar.c b/src/truetype/ttgxvar.c
index 3dd99abe3..7b33b8e52 100644
--- a/src/truetype/ttgxvar.c
+++ b/src/truetype/ttgxvar.c
@@ -2142,7 +2142,7 @@
innerIndex );
/* Convert to 16.16 format before adding. */
- v += delta * 4;
+ v += MUL_INT( delta, 4 );
/* Clamp value range. */
v = v >= 0x10000L ? 0x10000 : v;
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [freetype2] master 546237e1b: * src/truetype/ttgxvar.c (ft_var_to_normalized): Integer overflow.,
Werner Lemberg <=