From 3c64af98ffa03312ee36809e1fe0a08cb844d4f8 Mon Sep 17 00:00:00 2001
From: Alexei Podtelezhnikov <apodtele@gmail.com>
Date: Mon, 20 Jun 2016 00:01:55 -0400
Subject: [PATCH] [smooth] Sanitize memory managenent.

* src/smooth/ftgrays.c (gray_convert_glyph): Cleaned up.
---
 ChangeLog            |  6 ++++++
 src/smooth/ftgrays.c | 34 +++++++++++++---------------------
 2 files changed, 19 insertions(+), 21 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 9bcf0eef0..0f98d594f 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+2016-06-20  Alexei Podtelezhnikov  <apodtele@gmail.com>
+
+	[smooth] Sanitize memory managenent.
+
+	* src/smooth/ftgrays.c (gray_convert_glyph): Cleaned up.
+
 2016-06-18  Alexei Podtelezhnikov  <apodtele@gmail.com>
 
 	[smooth] Remove `band_shoot' that never worked.
diff --git a/src/smooth/ftgrays.c b/src/smooth/ftgrays.c
index a78a12240..aef6a47e4 100644
--- a/src/smooth/ftgrays.c
+++ b/src/smooth/ftgrays.c
@@ -1937,34 +1937,26 @@ typedef ptrdiff_t  FT_PtrDist;
         TPos  bottom, top, middle;
         int   error;
 
-        {
-          PCell  cells_max;
-          int    yindex;
-          long   cell_start, cell_end, cell_mod;
-
 
-          ras.ycells = (PCell*)ras.buffer;
-          ras.ycount = band->max - band->min;
+        /* memory management */
+        {
+          int    ycount = band->max - band->min;
+          int    cell_start;
 
-          cell_start = (long)sizeof ( PCell ) * ras.ycount;
-          cell_mod   = cell_start % (long)sizeof ( TCell );
-          if ( cell_mod > 0 )
-            cell_start += (long)sizeof ( TCell ) - cell_mod;
 
-          cell_end  = ras.buffer_size;
-          cell_end -= cell_end % (long)sizeof ( TCell );
+          cell_start = ( ycount * sizeof( PCell ) + sizeof( TCell ) - 1 ) /
+                       sizeof( TCell );
 
-          cells_max = (PCell)( (char*)ras.buffer + cell_end );
-          ras.cells = (PCell)( (char*)ras.buffer + cell_start );
-          if ( ras.cells >= cells_max )
+          if ( FT_MAX_GRAY_POOL - cell_start < 2 )
             goto ReduceBands;
 
-          ras.max_cells = cells_max - ras.cells;
-          if ( ras.max_cells < 2 )
-            goto ReduceBands;
+          ras.cells     = (PCell)ras.buffer + cell_start;
+          ras.max_cells = FT_MAX_GRAY_POOL - cell_start;
 
-          for ( yindex = 0; yindex < ras.ycount; yindex++ )
-            ras.ycells[yindex] = NULL;
+          ras.ycells = (PCell*)ras.buffer;
+          ras.ycount = ycount;
+          while ( ycount )
+            ras.ycells[--ycount] = NULL;
         }
 
         ras.num_cells = 0;