[cff] Fix value overflow.

* src/cff/cffparse.c (cff_parse_fixed_scaled): Implement it.
12 years ago · 76accc184b
parent 2df16761c9
commit 76accc184b
2 changed files with 20 additions and 3 deletions
--- a/6
+++ b/6
@ -1,3 +1,9 @@
+2012-10-17  Bram Tassyns  <BramT@enfocus.com>
+
+	[cff] Fix value overflow.
+
+	* src/cff/cffparse.c (cff_parse_fixed_scaled): Implement it.
+
 2012-10-17  Werner Lemberg  <wl@gnu.org>

 	[truetype] Fix Savannah bug #37572.
--- a/src/cff/cffparse.c
+++ b/src/cff/cffparse.c
@ -396,9 +396,20 @@
  cff_parse_fixed_scaled( FT_Byte**  d,
                          FT_Long    scaling )
  {
-    return **d == 30 ? cff_parse_real( d[0], d[1], scaling, NULL )
-                     : ( cff_parse_integer( d[0], d[1] ) *
-                           power_tens[scaling] ) << 16;
+    if ( **d == 30 )
+      return cff_parse_real( d[0], d[1], scaling, NULL );
+    else
+    {
+      FT_Long  val = cff_parse_integer( d[0], d[1] ) * power_tens[scaling];
+
+
+      if ( val > 0x7FFF )
+        return 0x7FFFFFFFL;
+      else if ( val < -0x7FFF )
+        return -0x7FFFFFFFL;
+
+      return val << 16;
+    }
  }