diff --git a/ChangeLog b/ChangeLog
index be013e47e..40e9f910e 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,14 @@
+2018-09-17 Werner Lemberg
+
+ [pshinter] Handle numeric overflow.
+
+ Reported as
+
+ https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10396
+
+ * src/pshinter/pshglob.c: Include FT_INTERNAL_CALC_H.
+ (psh_blues_snap_stems): Mask numeric overflow.
+
2018-09-13 Werner Lemberg
[truetype] Some fixes for VF checks.
@@ -669,7 +680,7 @@
[cid] Trace PostScript dictionaries.
- * src/cid/cidload.c: Include FT_INTERNAL_POSTSCRIPT_AUX_H
+ * src/cid/cidload.c: Include FT_INTERNAL_POSTSCRIPT_AUX_H.
(cid_load_keyword, cid_parse_font_matrix, parse_fd_array, parse_expansion_factor, cid_parse_dict): Add tracing calls. (parse_font_name): New function to trace `/FontName' keywords in
diff --git a/src/pshinter/pshglob.c b/src/pshinter/pshglob.c
index f6859cdf6..5f5ae2df1 100644
--- a/src/pshinter/pshglob.c
+++ b/src/pshinter/pshglob.c
@@ -20,6 +20,7 @@
#include
#include FT_FREETYPE_H
#include FT_INTERNAL_OBJECTS_H
+#include FT_INTERNAL_CALC_H
#include "pshglob.h"
#ifdef DEBUG_HINTER
@@ -568,7 +569,7 @@
for ( ; count > 0; count--, zone++ )
{
- delta = stem_top - zone->org_bottom;
+ delta = SUB_LONG( stem_top, zone->org_bottom );
if ( delta < -blues->blue_fuzz )
break;
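Review bot: The wrapped value that `SUB_LONG( stem_top, zone->org_bottom )` produces on overflow is fed straight into `if ( delta < -blues->blue_fuzz )`, so the change turns undefined behaviour into a defined but meaningless delta, and nothing in the hunk records that this is the intended trade-off. A one-line comment above the assignment would stop the next reader from "fixing" it back or adding a rejection path that changes zone selection, e.g. `/* stem_top and org_bottom come from untrusted font data; SUB_LONG wraps instead of overflowing, and a wrapped delta only mis-selects a zone here. */`. psh_blues_snap_stems begins and ends outside this hunk; if the same loop computes other stem/zone differences with plain `-`, they presumably need the same masking, which I cannot confirm from the visible lines.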