OSS-fuzz #4090 - limit angle operands to arc

The file executes an arc operation with angle2=1 and angle1=3.5x10^21.
The spec says that if angle2 is less than angle1 we should increase it
by multiples of 360 until it is greater than or equal to angle1.

The problem is that the accuracy of the double representation is not
sufficient to detect the addition of 360, so we go round the loop
adding 360 to angle2 trying to get it larger than angle1 forever.

Trying to detect the point at which this would occur is hard, and
probably error-prone across platforms, so we choose to limit the two
angles to the platform maximum integer, less 360 to allow a full
circle between the angles.

If either angle exceeds that we will return a limitcheck error.

1 files changed, 3 insertions, 0 deletions

diff --git a/base/gspath1.c b/base/gspath1.c
index 10a1a0eb8..cc56cb1d2 100644
--- a/base/gspath1.c
+++ b/base/gspath1.c
@@ -219,6 +219,9 @@ gs_gstate_arc_add(gx_path * ppath, gs_gstate * pgs, bool clockwise,
         ang2 += 180;
         ar = -ar;
     }
+    if (ang1 > (max_int - 360) || ang2 > (max_int - 360))
+        return_error(gs_error_limitcheck);
+
     arc.radius = ar;
     arc.action = (add_line ? arc_lineto : arc_moveto);
     arc.notes = sn_none;