Try to fix Savannah bug #30717 (and probably #30719 too). * src/smooth/ftsmooth.c (ft_smooth_render_generic): Add another overflow test for `width' and `height'.
diff --git a/ChangeLog b/ChangeLog
index 4136f9f..10d81e4 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,10 @@
+2010-08-10 Werner Lemberg <wl@gnu.org>
+
+ Try to fix Savannah bug #30717 (and probably #30719 too).
+
+ * src/smooth/ftsmooth.c (ft_smooth_render_generic): Add another
+ overflow test for `width' and `height'.
+
2010-08-06 Werner Lemberg <wl@gnu.org>
* Version 2.4.2 released.
diff --git a/src/smooth/ftsmooth.c b/src/smooth/ftsmooth.c
index 7d16b94..eb12f18 100644
--- a/src/smooth/ftsmooth.c
+++ b/src/smooth/ftsmooth.c
@@ -140,8 +140,26 @@
cbox.xMax = FT_PIX_CEIL( cbox.xMax );
cbox.yMax = FT_PIX_CEIL( cbox.yMax );
- width = (FT_UInt)( ( cbox.xMax - cbox.xMin ) >> 6 );
- height = (FT_UInt)( ( cbox.yMax - cbox.yMin ) >> 6 );
+ if ( cbox.xMin < 0 && cbox.xMax > FT_INT_MAX + cbox.xMin )
+ {
+ FT_ERROR(( "ft_smooth_render_generic: glyph too large:"
+ " xMin = %d, xMax = %d\n",
+ cbox.xMin >> 6, cbox.xMax >> 6 ));
+ return Smooth_Err_Raster_Overflow;
+ }
+ else
+ width = (FT_UInt)( ( cbox.xMax - cbox.xMin ) >> 6 );
+
+ if ( cbox.yMin < 0 && cbox.yMax > FT_INT_MAX + cbox.yMin )
+ {
+ FT_ERROR(( "ft_smooth_render_generic: glyph too large:"
+ " yMin = %d, yMax = %d\n",
+ cbox.yMin >> 6, cbox.yMax >> 6 ));
+ return Smooth_Err_Raster_Overflow;
+ }
+ else
+ height = (FT_UInt)( ( cbox.yMax - cbox.yMin ) >> 6 );
+
bitmap = &slot->bitmap;
memory = render->root.memory;
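Review bot: The new overflow test only fires when `cbox.xMin < 0` (and likewise `cbox.yMin < 0`), so a box with a non-negative minimum and a very large maximum still reaches the `(FT_UInt)` cast unchecked. If FT_Pos is wider than FT_UInt on the target (it is a signed long in FreeType, hence 64-bit on LP64), the shifted difference can be truncated by the cast to a small value that then passes the later `width > 0x7FFFU || height > 0x7FFFU` limit. Covering the other sign as well would close this, e.g. `if ( ( cbox.xMin < 0 && cbox.xMax > FT_INT_MAX + cbox.xMin ) || ( cbox.xMin >= 0 && cbox.xMax - cbox.xMin > FT_INT_MAX ) )`, with the same for y. Separately, the two added FT_ERROR calls print `cbox.xMin >> 6` and friends with `%d`; assuming these are FT_Pos values, `%ld` is the matching specifier, in line with the `%u` correction this commit makes further down. The body of ft_smooth_render_generic starts and ends outside this hunk, so whether the cbox values are bounded earlier is not visible here.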
@@ -202,7 +220,7 @@
/* but we care realistic cases only. Always pitch <= width. */
if ( width > 0x7FFFU || height > 0x7FFFU )
{
- FT_ERROR(( "ft_smooth_render_generic: glyph too large: %d x %d\n",
+ FT_ERROR(( "ft_smooth_render_generic: glyph too large: %u x %u\n",
width, height ));
return Smooth_Err_Raster_Overflow;
}