kc3-lang/freetype

diff --git a/ChangeLog b/ChangeLog
index 2549d0f..dac2e7d 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,16 @@
+2017-09-30  Alexei Podtelezhnikov  <apodtele@gmail.com>
+
+	Signedness fixes in bitmap presetting.
+
+	Reported as
+
+	  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3514.
+
+	* src/raster/ftrend1.c (ft_raster1_render): Exlicitly signed height.
+	* src/smooth/ftsmooth.c (ft_smooth_render_generic): Ditto.
+	* src/base/ftobjs.c (ft_glyphslot_preset_bitmap): Explicitly unsigned
+	subtraction.
+
 2017-09-29  Alexei Podtelezhnikov  <apodtele@gmail.com>
 
 	Bitmap metrics presetting [2/2].
diff --git a/src/base/ftobjs.c b/src/base/ftobjs.c
index 030c033..5722c55 100644
--- a/src/base/ftobjs.c
+++ b/src/base/ftobjs.c
@@ -425,8 +425,8 @@
     x_left  = cbox.xMin >> 6;
     y_top   = cbox.yMax >> 6;
 
-    width  = (FT_ULong)( cbox.xMax - cbox.xMin ) >> 6;
-    height = (FT_ULong)( cbox.yMax - cbox.yMin ) >> 6;
+    width  = ( (FT_ULong)cbox.xMax - (FT_ULong)cbox.xMin ) >> 6;
+    height = ( (FT_ULong)cbox.yMax - (FT_ULong)cbox.yMin ) >> 6;
 
     switch ( pixel_mode )
     {
diff --git a/src/raster/ftrend1.c b/src/raster/ftrend1.c
index bbce7bb..ede4916 100644
--- a/src/raster/ftrend1.c
+++ b/src/raster/ftrend1.c
@@ -137,7 +137,7 @@
     slot->internal->flags |= FT_GLYPH_OWN_BITMAP;
 
     x_shift = -slot->bitmap_left * 64;
-    y_shift = ( bitmap->rows - slot->bitmap_top ) * 64;
+    y_shift = ( (FT_Int)bitmap->rows - slot->bitmap_top ) * 64;
 
     if ( origin )
     {
diff --git a/src/smooth/ftsmooth.c b/src/smooth/ftsmooth.c
index 7946f28..db3a1c3 100644
--- a/src/smooth/ftsmooth.c
+++ b/src/smooth/ftsmooth.c
@@ -141,9 +141,9 @@
     x_shift = 64 * -slot->bitmap_left;
     y_shift = 64 * -slot->bitmap_top;
     if ( bitmap->pixel_mode == FT_PIXEL_MODE_LCD_V )
-      y_shift += 64 * bitmap->rows / 3;
+      y_shift += 64 * (FT_Int)bitmap->rows / 3;
     else
-      y_shift += 64 * bitmap->rows;
+      y_shift += 64 * (FT_Int)bitmap->rows;
 
     if ( origin )
     {