oss-sec mailing list archives
libass ass_outline.c signed integer overflow
From: Fstark <f734222792 () gmail com>
Date: Tue, 29 Sep 2020 08:19:19 +0800
In `ass_outline_construct`'s call to `outline_stroke` a signed integer overflow happens *(undefined behaviour)*. On my machine signed overflow happens to wrap around to a negative value, thus failing the assert. https://github.com/libass/libass/issues/431 https://github.com/libass/libass/pull/432
Current thread:
- libass ass_outline.c signed integer overflow Fstark (Sep 29)