[psaux] Fix numeric overflow.

Reported as https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10768 * src/psaux/cffdecode.c (cff_decoder_parse_charstrings) <cff_op_roll> [CFF_CONFIG_OPTION_OLD_ENGINE]: Use NEG_INT.
6 years ago · 6b660f1215
parent 83fc524dfc
commit 6b660f1215
2 changed files with 12 additions and 1 deletions
--- a/11
+++ b/11
@ -1,3 +1,14 @@
+2018-10-02  Werner Lemberg  <wl@gnu.org>
+
+	[psaux] Fix numeric overflow.
+
+	Reported as
+
+	  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10768
+
+	* src/psaux/cffdecode.c (cff_decoder_parse_charstrings) <cff_op_roll>
+	[CFF_CONFIG_OPTION_OLD_ENGINE]: Use NEG_INT.
+
 2018-10-02  Werner Lemberg  <wl@gnu.org>

 	[pshinter] Handle numeric overflow.
--- a/src/psaux/cffdecode.c
+++ b/src/psaux/cffdecode.c
@ -1839,7 +1839,7 @@
              /* before C99 it is implementation-defined whether    */
              /* the result of `%' is negative if the first operand */
              /* is negative                                        */
-              idx = -( ( -idx ) % count );
+              idx = -( NEG_INT( idx ) % count );
              while ( idx < 0 )
              {
                FT_Fixed  tmp = args[0];