commit | 546237e1bbbb1269b5f76a878ea5eed3c8e268b5 | [log] [tgz] |
---|---|---|
author | Werner Lemberg <wl@gnu.org> | Fri Feb 23 10:55:53 2024 |
committer | Werner Lemberg <wl@gnu.org> | Fri Feb 23 10:55:53 2024 |
tree | e40e6e6ebe868353b97973f9de9d31272df7629e | |
parent | 47574f7ea445c8bb751da0fa716424c9c29a6807 [diff] |
* src/truetype/ttgxvar.c (ft_var_to_normalized): Integer overflow. Reported as https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=66543
diff --git a/src/truetype/ttgxvar.c b/src/truetype/ttgxvar.c index 3dd99ab..7b33b8e 100644 --- a/src/truetype/ttgxvar.c +++ b/src/truetype/ttgxvar.c
@@ -2142,7 +2142,7 @@ innerIndex ); /* Convert to 16.16 format before adding. */ - v += delta * 4; + v += MUL_INT( delta, 4 ); /* Clamp value range. */ v = v >= 0x10000L ? 0x10000 : v;