From 18fc64e6a335e82eb3adb9a1a4a9ba43768cd134 Mon Sep 17 00:00:00 2001
From: Werner Lemberg
Date: Sat, 7 Aug 2021 17:11:57 +0200
Subject: [PATCH] [smooth] Avoid integer overflow.
Reported as https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=36243 * src/smooth/ftgrays.c(ADD_LONG, SUB_LONG, MUL_LONG, NEG_LONG) [STANDALONE_]: Removed, unused. (ADD_INT) [STANDALONE_]: New macro. (FT_INTEGRATE): Use ADD_INT.
---
 src/smooth/ftgrays.c | 15 +++++---------
 1 file changed, 5 insertions(+), 10 deletions(-)
diff --git a/src/smooth/ftgrays.c b/src/smooth/ftgrays.c
index 322bf6c53..250053e8d 100644
--- a/src/smooth/ftgrays.c
+++ b/src/smooth/ftgrays.c
@@ -149,14 +149,8 @@
 #define FT_INT_MAX INT_MAX
 #define FT_ULONG_MAX ULONG_MAX
-#define ADD_LONG( a, b ) \
- (long)( (unsigned long)(a) + (unsigned long)(b) )
-#define SUB_LONG( a, b ) \
- (long)( (unsigned long)(a) - (unsigned long)(b) )
-#define MUL_LONG( a, b ) \
- (long)( (unsigned long)(a) * (unsigned long)(b) )
-#define NEG_LONG( a ) \
- (long)( -(unsigned long)(a) )
+#define ADD_INT( a, b ) \
+ (int)( (unsigned int)(a) + (unsigned int)(b) )
 #define ft_memset memset
@@ -530,8 +524,9 @@ typedef ptrdiff_t FT_PtrDist;
 #define CELL_IS_NULL( cell ) ( (cell)->x == CELL_MAX_X_VALUE )
-#define FT_INTEGRATE( ras, a, b ) \
- ras.cell->cover += (a), ras.cell->area += (a) * (TArea)(b)
+#define FT_INTEGRATE( ras, a, b ) \
+ ras.cell->cover = ADD_INT( ras.cell->cover, a ), \
+ ras.cell->area = ADD_INT( ras.cell->area, (a) * (TArea)(b) )
 typedef struct gray_TRaster_
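Review bot: The new `ADD_INT` macro in the first hunk (`@@ -149,14 +149,8 @@`) carries no comment saying that the round trip through `unsigned int` is a deliberate wrapping add, so a later reader may take it for a checked sum. I would put `/* wrapping add: unsigned arithmetic avoids signed-overflow UB; the result is reduced modulo 2^N, not range-checked */` above the definition. Converting an out-of-range `unsigned int` back to `int` is implementation-defined rather than undefined, which is worth stating in the same comment. The preprocessor conditional that encloses this definition starts outside the hunk; the commit message says it is the `STANDALONE_` branch, so the definition used by the regular build is not visible here.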
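Review bot: In the new `FT_INTEGRATE` (second hunk, `@@ -530,8 +524,9 @@`) only the two accumulations wrap; the product `(a) * (TArea)(b)` is still a signed multiply evaluated before it reaches `ADD_INT`, so an overflow there would remain undefined. Whether the callers bound `a` and `b` tightly enough is not visible in this hunk; if they do, a comment such as `/* cover and area wrap on overflow; callers keep (a)*(b) within TArea */` would record the assumption. `ADD_INT` also casts both operands to `unsigned int`, so the area update would silently truncate if `TArea` were ever wider than `int`; its typedef is outside the hunk. Because the sums now wrap silently, a sanitizer no longer reports oversized accumulations, so fuzzing regressions in this path will show up only as wrong coverage values.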