From 4553f1c396ddc76ab204491c394866346f3a7669 Mon Sep 17 00:00:00 2001
From: Werner Lemberg
Date: Tue, 6 Jan 2026 05:36:16 +0100
Subject: [PATCH] [autofit] Prevent signed integer overflow.

Reported as https://issues.oss-fuzz.com/issues/473582304
* src/autofit/afloader.c (af_loader_load_glyph): Use `ADD_LONG`.
---
 src/autofit/afloader.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/src/autofit/afloader.c b/src/autofit/afloader.c
index d84adc096..737b454b6 100644
--- a/src/autofit/afloader.c
+++ b/src/autofit/afloader.c
@@ -532,8 +532,10 @@
 slot->metrics.horiBearingX = bbox.xMin;
 slot->metrics.horiBearingY = bbox.yMax;
- slot->metrics.vertBearingX = FT_PIX_FLOOR( bbox.xMin + vvector.x );
- slot->metrics.vertBearingY = FT_PIX_FLOOR( bbox.yMax + vvector.y );
+ slot->metrics.vertBearingX = FT_PIX_FLOOR( ADD_LONG( bbox.xMin,
+ vvector.x ) );
+ slot->metrics.vertBearingY = FT_PIX_FLOOR( ADD_LONG( bbox.yMax,
+ vvector.y ) );
 /* for mono-width fonts (like Andale, Courier, etc.) we need */
 /* to keep the original rounded advance width; ditto for */
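Review bot: The two `ADD_LONG` sums assigned to `vertBearingX` and `vertBearingY` remove the undefined behaviour but not the bad value. As defined in FreeType's calc header, `ADD_LONG` performs the addition in unsigned arithmetic and wraps. A font that triggered the overflow therefore still stores a defined but meaningless vertical bearing in `slot->metrics`, and nothing in the hunk marks it as such. A short comment at the assignment would record that for later readers, for example `/* ADD_LONG wraps on overflow; bearings from malformed fonts are defined but not meaningful */`. `af_loader_load_glyph` starts and ends outside the hunk, so any other arithmetic on `bbox` and `vvector` there cannot be checked from here and may need the same treatment.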