From 2a1597826a84275660e7410368200b37f85ffdaf Mon Sep 17 00:00:00 2001
From: Werner Lemberg
Date: Tue, 17 Apr 2018 12:25:17 +0200
Subject: [PATCH] [truetype] Integer overflow issues.

Reported as

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=7739

* src/truetype/ttinterp.c (Ins_CEILING): Use FT_PIX_CEIL_LONG.
---
 ChangeLog | 10 ++++++++++
 src/truetype/ttinterp.c | 2 +-
 2 files changed, 11 insertions(+), 1 deletion(-)

diff --git a/ChangeLog b/ChangeLog
index 316256098..c3788a9da 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,13 @@
+2018-04-17 Werner Lemberg
+
+ [truetype] Integer overflow issues.
+
+ Reported as
+
+ https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=7739
+
+ * src/truetype/ttinterp.c (Ins_CEILING): Use FT_PIX_CEIL_LONG.
+
 2018-04-16 Werner Lemberg
 [truetype] Integer overflow issues.
diff --git a/src/truetype/ttinterp.c b/src/truetype/ttinterp.c
index 336b46b42..da9b595ab 100644
--- a/src/truetype/ttinterp.c
+++ b/src/truetype/ttinterp.c
@@ -2954,7 +2954,7 @@ static void Ins_CEILING( FT_Long* args ) {
- args[0] = FT_PIX_CEIL( args[0] );
+ args[0] = FT_PIX_CEIL_LONG( args[0] );
 }
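Review bot: The new assignment in `Ins_CEILING` carries no comment saying why the `_LONG` variant is required, so a later tidy-up could switch it back to `FT_PIX_CEIL` without anyone noticing. `args[0]` is an interpreter stack value, presumably set by font bytecode, and a value near the top of the `FT_Long` range would make the round-up addition inside the plain macro overflow a signed type. I would add above the assignment: `/* args[0] is font-controlled; FT_PIX_CEIL_LONG avoids signed overflow in the round-up step */`. The subject line says "issues" in the plural, so it is worth confirming that other rounding macros applied to stack values in this file have had the same treatment; that code is outside this hunk.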