mirror of
https://github.com/openharmony/third_party_freetype.git
synced 2026-07-01 10:22:10 -04:00
[autofit] Prevent signed integer overflow
Signed-off-by: ZacohZhen <kouzhenrong@h-partners.com>
This commit is contained in:
@@ -0,0 +1,17 @@
|
||||
diff --git a/src/autofit/afloader.c b/src/autofit/afloader.c
|
||||
index af1d59a..79a6938 100644
|
||||
--- a/src/autofit/afloader.c
|
||||
+++ b/src/autofit/afloader.c
|
||||
@@ -532,8 +532,10 @@
|
||||
slot->metrics.horiBearingX = bbox.xMin;
|
||||
slot->metrics.horiBearingY = bbox.yMax;
|
||||
|
||||
- slot->metrics.vertBearingX = FT_PIX_FLOOR( bbox.xMin + vvector.x );
|
||||
- slot->metrics.vertBearingY = FT_PIX_FLOOR( bbox.yMax + vvector.y );
|
||||
+ slot->metrics.vertBearingX = FT_PIX_FLOOR( ADD_LONG( bbox.xMin,
|
||||
+ vvector.x ) );
|
||||
+ slot->metrics.vertBearingY = FT_PIX_FLOOR( ADD_LONG( bbox.yMax,
|
||||
+ vvector.y ) );
|
||||
|
||||
/* for mono-width fonts (like Andale, Courier, etc.) we need */
|
||||
/* to keep the original rounded advance width; ditto for */
|
||||
+3
-1
@@ -41,6 +41,7 @@ def move_file(src_path, dst_path):
|
||||
"backport-freetype-2.12.1-enable-funcs.patch",
|
||||
"CVE-2026-23865.patch",
|
||||
"backport-truetype-signed-integer-overflow.patch",
|
||||
"backport-autofit-signed-integer-overflow.patch",
|
||||
"ftconfig.h"
|
||||
]
|
||||
for file in files:
|
||||
@@ -78,7 +79,8 @@ def do_patch(target_dir):
|
||||
"backport-freetype-2.10.1-debughook.patch",
|
||||
"backport-freetype-2.12.1-enable-funcs.patch",
|
||||
"CVE-2026-23865.patch",
|
||||
"backport-truetype-signed-integer-overflow.patch"
|
||||
"backport-truetype-signed-integer-overflow.patch",
|
||||
"backport-autofit-signed-integer-overflow.patch"
|
||||
]
|
||||
|
||||
for patch in patch_file:
|
||||
|
||||
Reference in New Issue
Block a user