From 5e3a38b194f3a68e9a5a03a1bd0c6bb2eb3dec1f Mon Sep 17 00:00:00 2001
From: Armin Hasitzka
Date: Thu, 21 Feb 2019 10:04:28 +0000
Subject: [PATCH] [psaux] Mask numeric overflow.

* src/psaux/cffdecode.c (cff_decoder_parse_charstrings): Mask numeric overflow.
Reported as
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=13041
---
 ChangeLog | 11 +++++++++++
 src/psaux/cffdecode.c | 4 ++--
 2 files changed, 13 insertions(+), 2 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index f43a7ef63..cb17e77ae 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,14 @@
+2019-02-21 Armin Hasitzka
+
+ [psaux] Mask numeric overflow.
+
+ * src/psaux/cffdecode.c (cff_decoder_parse_charstrings): Mask numeric
+ overflow.
+
+ Reported as
+
+ https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=13041
+
 2019-02-16 Wink Saville
 * src/autofit/afwarp.h (af_warper_compute): Fix declaration.
diff --git a/src/psaux/cffdecode.c b/src/psaux/cffdecode.c
index 6cc1d3249..b11b75f7b 100644
--- a/src/psaux/cffdecode.c
+++ b/src/psaux/cffdecode.c
@@ -1556,9 +1556,9 @@
 }
 if ( dx < 0 )
- dx = -dx;
+ dx = NEG_LONG( dx );
 if ( dy < 0 )
- dy = -dy;
+ dy = NEG_LONG( dy );
 /* strange test, but here it is... */
 horizontal = ( dx > dy );
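Review bot: The two `NEG_LONG` lines in the cffdecode.c hunk remove the signed-overflow undefined behaviour, but if the macro negates through unsigned arithmetic (its definition is not in this hunk) the most negative input stays negative, so `horizontal = ( dx > dy )` can still be decided on a wrapped value. Since dx and dy appear to derive from charstring operands in a font file, which is untrusted input, it is worth stating that this is accepted, e.g. `/* NEG_LONG only avoids UB; dx or dy may still be negative for the minimum value */` above the test. If the wrapped case should classify correctly instead, comparing the magnitudes as unsigned, `horizontal = ( (FT_ULong)dx > (FT_ULong)dy );`, would do it, assuming both are FT_Long. The enclosing cff_decoder_parse_charstrings body starts and ends outside the hunk.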