From fbd24523461d57d38bd040d842f9fba2690545cd Mon Sep 17 00:00:00 2001
From: Werner Lemberg
Date: Tue, 6 Nov 2018 11:15:31 +0100
Subject: [PATCH] [pshinter] Fix numeric overflow.

Reported as

 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=11242

* src/pshinter/pshrec.c (ps_dimension_add_t1stem): Implement it.
---
 ChangeLog | 10 ++++++++++
 src/pshinter/pshrec.c | 2 +-
 2 files changed, 11 insertions(+), 1 deletion(-)

diff --git a/ChangeLog b/ChangeLog
index 3b73bac6a..48e7836c6 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,13 @@
+2018-11-06 Werner Lemberg
+
+ [pshinter] Fix numeric overflow.
+
+ Reported as
+
+ https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=11242
+
+ * src/pshinter/pshrec.c (ps_dimension_add_t1stem): Implement it.
+
 2018-11-06 Werner Lemberg

 [psaux] Fix timeout in old CFF engine.
diff --git a/src/pshinter/pshrec.c b/src/pshinter/pshrec.c
index 401ab190f..7633c5e61 100644
--- a/src/pshinter/pshrec.c
+++ b/src/pshinter/pshrec.c
@@ -666,7 +666,7 @@
 if ( len == -21 )
 {
 flags |= PS_HINT_FLAG_BOTTOM;
- pos += len;
+ pos = ADD_INT( pos, len );
 }
 len = 0;
 }
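Review bot: The replaced line `pos = ADD_INT( pos, len );` in the `len == -21` branch has no comment explaining why a macro stands in for `+=`, so a later cleanup could easily revert it. Since the fix answers a fuzzer report, `pos` and `len` presumably come from font charstring data, and I would add `/* pos/len come from untrusted font data; ADD_INT avoids signed-overflow UB */` above it. If ADD_INT wraps rather than saturates (its definition is not in this patch), the ghost-hint position can still end up as an unrelated coordinate, so a range check on the stem values before this point may be worth considering. The enclosing function begins and ends outside the hunk, so any other `pos`/`len` arithmetic in it could not be checked here.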