From cd02d359a6d0455e9d16b87bf9665961c4699538 Mon Sep 17 00:00:00 2001
From: Werner Lemberg <wl@gnu.org>
Date: Thu, 1 Jun 2017 17:05:39 +0200
Subject: [smooth] Some 32bit integer overflow run-time errors.

* src/smooth/ftgrays.c [STANDALONE] (OVERFLOW_ADD_LONG,
OVERFLOW_SUB_LONG, OVERFLOW_MUL_LONG, NEG_LONG): New macros.
[!STANDALONE]: Include FT_INTERNAL_CALC_H.
(gray_render_cubic): Use those macros where appropriate.
---
 ChangeLog            |  9 +++++++++
 src/smooth/ftgrays.c | 17 +++++++++++++++--
 2 files changed, 24 insertions(+), 2 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 35b18c12d..04d70a39d 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,12 @@
+2017-06-01  Werner Lemberg  <wl@gnu.org>
+
+	[smooth] Some 32bit integer overflow run-time errors.
+
+	* src/smooth/ftgrays.c [STANDALONE] (OVERFLOW_ADD_LONG,
+	OVERFLOW_SUB_LONG, OVERFLOW_MUL_LONG, NEG_LONG): New macros.
+	[!STANDALONE]: Include FT_INTERNAL_CALC_H.
+	(gray_render_cubic): Use those macros where appropriate.
+
 2017-06-01  Werner Lemberg  <wl@gnu.org>
 
 	* src/base/ftglyph.c (FT_Get_Glyph): Check `slot->advance'.
diff --git a/src/smooth/ftgrays.c b/src/smooth/ftgrays.c
index e9a3ce7a7..04f0c2ab3 100644
--- a/src/smooth/ftgrays.c
+++ b/src/smooth/ftgrays.c
@@ -141,6 +141,16 @@
 #define FT_INT_MAX    INT_MAX
 #define FT_ULONG_MAX  ULONG_MAX
 
+#define OVERFLOW_ADD_LONG( a, b )                           \
+          (long)( (unsigned long)(a) + (unsigned long)(b) )
+#define OVERFLOW_SUB_LONG( a, b )                           \
+          (long)( (unsigned long)(a) - (unsigned long)(b) )
+#define OVERFLOW_MUL_LONG( a, b )                           \
+          (long)( (unsigned long)(a) * (unsigned long)(b) )
+#define NEG_LONG( a )                                       \
+          (long)( -(unsigned long)(a) )
+
+
 #define ft_memset   memset
 
 #define ft_setjmp   setjmp
@@ -264,6 +274,7 @@ typedef ptrdiff_t  FT_PtrDist;
 #include "ftgrays.h"
 #include FT_INTERNAL_OBJECTS_H
 #include FT_INTERNAL_DEBUG_H
+#include FT_INTERNAL_CALC_H
 #include FT_OUTLINE_H
 
 #include "ftsmerrs.h"
@@ -1135,7 +1146,8 @@ typedef ptrdiff_t  FT_PtrDist;
       /* s is L * the perpendicular distance from P1 to the line P0-P3. */
       dx1 = arc[1].x - arc[0].x;
       dy1 = arc[1].y - arc[0].y;
-      s = FT_ABS( dy * dx1 - dx * dy1 );
+      s = FT_ABS( OVERFLOW_SUB_LONG( OVERFLOW_MUL_LONG( dy, dx1 ),
+                                     OVERFLOW_MUL_LONG( dx, dy1 ) ) );
 
       if ( s > s_limit )
         goto Split;
@@ -1143,7 +1155,8 @@ typedef ptrdiff_t  FT_PtrDist;
       /* s is L * the perpendicular distance from P2 to the line P0-P3. */
       dx2 = arc[2].x - arc[0].x;
       dy2 = arc[2].y - arc[0].y;
-      s = FT_ABS( dy * dx2 - dx * dy2 );
+      s = FT_ABS( OVERFLOW_SUB_LONG( OVERFLOW_MUL_LONG( dy, dx2 ),
+                                     OVERFLOW_MUL_LONG( dx, dy2 ) ) );
 
       if ( s > s_limit )
         goto Split;
-- 
cgit v1.2.1