From 84bd155087b93ab2d8d7cb5b1ac94ecd4cf4f93c Mon Sep 17 00:00:00 2001
From: Sam Hocevar
Date: Sat, 29 Dec 2018 22:13:56 +0100
Subject: [PATCH] dither: fix integer overflows that were causing a division by zero.

Fixes: #36 (CVE-2018-20544)
---
 caca/dither.c | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/caca/dither.c b/caca/dither.c
index 04b678e0..c6ebab1b 100644
--- a/caca/dither.c
+++ b/caca/dither.c
@@ -991,10 +991,10 @@ int caca_dither_bitmap(caca_canvas_t *cv, int x, int y, int w, int h,
 /* First get RGB */
 if(d->antialias)
 {
- fromx = (x - x1) * w / deltax;
- fromy = (y - y1) * h / deltay;
- tox = (x - x1 + 1) * w / deltax;
- toy = (y - y1 + 1) * h / deltay;
+ fromx = (uint64_t)(x - x1) * w / deltax;
+ fromy = (uint64_t)(y - y1) * h / deltay;
+ tox = (uint64_t)(x - x1 + 1) * w / deltax;
+ toy = (uint64_t)(y - y1 + 1) * h / deltay;

 /* We want at least one pixel */
 if(tox == fromx) tox++;
@@ -1017,10 +1017,10 @@ int caca_dither_bitmap(caca_canvas_t *cv, int x, int y, int w, int h,
 }
 else
 {
- fromx = (x - x1) * w / deltax;
- fromy = (y - y1) * h / deltay;
- tox = (x - x1 + 1) * w / deltax;
- toy = (y - y1 + 1) * h / deltay;
+ fromx = (uint64_t)(x - x1) * w / deltax;
+ fromy = (uint64_t)(y - y1) * h / deltay;
+ tox = (uint64_t)(x - x1 + 1) * w / deltax;
+ toy = (uint64_t)(y - y1 + 1) * h / deltay;

 /* tox and toy can overflow the canvas, but they cannot overflow
 * when averaged with fromx and fromy because these are guaranteed
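Review bot: The `(uint64_t)` casts in both hunks remove the 32-bit overflow but also make each expression unsigned, so `w`, `h`, `deltax` and `deltay` are converted to `uint64_t` as well, and a negative `x - x1` or a non-positive dimension would silently become a huge value. Nothing in the visible lines establishes those ranges, and caca_dither_bitmap starts and ends outside both hunks, so unless the earlier part of the function already rejects them, a guard such as `if(w <= 0 || h <= 0 || deltax <= 0 || deltay <= 0)` with an early error return before the loops would close that off. The 64-bit quotients are stored back into `fromx`/`tox`/`fromy`/`toy`, whose declarations are not shown; presumably they are `int`, which is safe only while `x - x1 + 1 <= deltax` and `y - y1 + 1 <= deltay`. A short comment on the first cast, e.g. `/* 64-bit product: (x - x1 + 1) * w can exceed INT_MAX */`, would keep it from being removed later, and since the same four lines are repeated in the `else` branch (second hunk) they could be computed once above `if(d->antialias)`.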