From 0636dc8af1e502c343b126b50f3a0dbec8f3fc26 Mon Sep 17 00:00:00 2001
From: Werner Lemberg
Date: Wed, 3 Feb 2021 19:16:02 +0100
Subject: [PATCH] [psaux] Fix integer overflow.
Reported as
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=30154
* src/psaux/psblues.c (cf2_blues_capture): Use `SUB_INT32`.
---
 ChangeLog | 10 ++++++++++
 src/psaux/psblues.c | 3 ++-
 2 files changed, 12 insertions(+), 1 deletion(-)
diff --git a/ChangeLog b/ChangeLog
index f1a21064d..4f4af4eb6 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,13 @@
+2021-02-03 Werner Lemberg
+
+ [psaux] Fix integer overflow.
+
+ Reported as
+
+ https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=30154
+
+ * src/psaux/psblues.c (cf2_blues_capture): Use `SUB_INT32`.
+
 2021-02-02 Alexei Podtelezhnikov
 * builds/unix/configure.raw [mmap support]: Explicitly handle Windows.
diff --git a/src/psaux/psblues.c b/src/psaux/psblues.c
index 3878e9bde..7bfd419d5 100644
--- a/src/psaux/psblues.c
+++ b/src/psaux/psblues.c
@@ -506,7 +506,8 @@
 /* guarantee minimum of 1 pixel overshoot */
 dsNew = FT_MIN(
 cf2_fixedRound( bottomHintEdge->dsCoord ),
- blues->zone[i].dsFlatEdge - cf2_intToFixed( 1 ) );
+ SUB_INT32 ( blues->zone[i].dsFlatEdge,
+ cf2_intToFixed( 1 ) ) );
 }
 else
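Review bot: The `SUB_INT32` call inside the `FT_MIN` argument list in src/psaux/psblues.c removes the signed-overflow trap but leaves the wrapped result unchecked. Assuming the macro subtracts modulo 2^32 (its definition is not in this hunk), a `dsFlatEdge` within one pixel of the most negative 16.16 value yields a large positive difference, so `FT_MIN` returns the rounded hint coordinate and the "minimum of 1 pixel overshoot" promised by the comment above no longer holds for that input. Because the value presumably derives from font data (the report came from fuzzing), I would document the fallback in place, e.g. `/* SUB_INT32 wraps on overflow; FT_MIN then keeps the rounded coordinate */`. The enclosing block of cf2_blues_capture starts and ends outside the hunk; if it holds a mirrored `dsFlatEdge + cf2_intToFixed( 1 )` computation for top zones, that addition would need the same overflow-safe treatment. As a style point, `SUB_INT32 (` has a space before the parenthesis, unlike `FT_MIN(` and `cf2_fixedRound(` in the same statement.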