Signedness fixes in bitmap presetting.

Reported as

  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3514.

* src/raster/ftrend1.c (ft_raster1_render): Exlicitly signed height.
* src/smooth/ftsmooth.c (ft_smooth_render_generic): Ditto.
* src/base/ftobjs.c (ft_glyphslot_preset_bitmap): Explicitly unsigned
subtraction.

ChangeLog

@@ -1,3 +1,16 @@
+2017-09-30  Alexei Podtelezhnikov  <apodtele@gmail.com>
+
+	Signedness fixes in bitmap presetting.
+
+	Reported as
+
+	  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3514.
+
+	* src/raster/ftrend1.c (ft_raster1_render): Exlicitly signed height.
+	* src/smooth/ftsmooth.c (ft_smooth_render_generic): Ditto.
+	* src/base/ftobjs.c (ft_glyphslot_preset_bitmap): Explicitly unsigned
+	subtraction.
+
 2017-09-29  Alexei Podtelezhnikov  <apodtele@gmail.com>
 
 	Bitmap metrics presetting [2/2].

src/base/ftobjs.c

@@ -425,8 +425,8 @@
     x_left  = cbox.xMin >> 6;
     y_top   = cbox.yMax >> 6;
 
-    width  = (FT_ULong)( cbox.xMax - cbox.xMin ) >> 6;
-    height = (FT_ULong)( cbox.yMax - cbox.yMin ) >> 6;
+    width  = ( (FT_ULong)cbox.xMax - (FT_ULong)cbox.xMin ) >> 6;
+    height = ( (FT_ULong)cbox.yMax - (FT_ULong)cbox.yMin ) >> 6;
 
     switch ( pixel_mode )
     {

src/raster/ftrend1.c

@@ -137,7 +137,7 @@
     slot->internal->flags |= FT_GLYPH_OWN_BITMAP;
 
     x_shift = -slot->bitmap_left * 64;
-    y_shift = ( bitmap->rows - slot->bitmap_top ) * 64;
+    y_shift = ( (FT_Int)bitmap->rows - slot->bitmap_top ) * 64;
 
     if ( origin )
     {

src/smooth/ftsmooth.c

@@ -141,9 +141,9 @@
     x_shift = 64 * -slot->bitmap_left;
     y_shift = 64 * -slot->bitmap_top;
     if ( bitmap->pixel_mode == FT_PIXEL_MODE_LCD_V )
-      y_shift += 64 * bitmap->rows / 3;
+      y_shift += 64 * (FT_Int)bitmap->rows / 3;
     else
-      y_shift += 64 * bitmap->rows;
+      y_shift += 64 * (FT_Int)bitmap->rows;
 
     if ( origin )
     {