From 7b855ed9cf8c48841e72369ea3ebcbf8486e5e06 Mon Sep 17 00:00:00 2001
From: Armin Hasitzka <prince.cherusker@gmail.com>
Date: Mon, 10 Sep 2018 23:41:04 +0100
Subject: [PATCH] * src/pshinter/pshrec.c (t2_hints_stems): Mask numeric
 overflow.

Reported as

  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10215
---
 ChangeLog             | 8 ++++++++
 src/pshinter/pshrec.c | 2 +-
 2 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/ChangeLog b/ChangeLog
index 97a11b4bd..5f2fb9731 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,11 @@
+2018-09-10  Armin Hasitzka  <prince.cherusker@gmail.com>
+
+	* src/pshinter/pshrec.c (t2_hints_stems): Mask numeric overflow.
+
+	Reported as
+
+	  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10215
+
 2018-09-09  Ben Wagner  <bungeman@google.com>
 
 	* builds/freetype.mk (refdoc-venv): Ensure python version (#54631).
diff --git a/src/pshinter/pshrec.c b/src/pshinter/pshrec.c
index 5cece0531..401ab190f 100644
--- a/src/pshinter/pshrec.c
+++ b/src/pshinter/pshrec.c
@@ -1187,7 +1187,7 @@
       /* compute integer stem positions in font units */
       for ( n = 0; n < count * 2; n++ )
       {
-        y       += coords[n];
+        y        = ADD_LONG( y, coords[n] );
         stems[n] = FIXED_TO_INT( y );
       }