3 files changed, 15 insertions, 1 deletions

diff --git a/third_party/lcms2-2.6/0001-from16-to-8-overflow.patch b/third_party/lcms2-2.6/0001-from16-to-8-overflow.patch
new file mode 100644
index 0000000000..6e7b16d061
--- /dev/null
+++ b/third_party/lcms2-2.6/0001-from16-to-8-overflow.patch
@@ -0,0 +1,13 @@
+diff --git a/third_party/lcms2-2.6/src/lcms2_internal.h b/third_party/lcms2-2.6/src/lcms2_internal.h
+index 8617e92..cc76d48 100644
+--- a/third_party/lcms2-2.6/src/lcms2_internal.h
++++ b/third_party/lcms2-2.6/src/lcms2_internal.h
+@@ -94,7 +94,7 @@
+ 
+ // A fast way to convert from/to 16 <-> 8 bits
+ #define FROM_8_TO_16(rgb) (cmsUInt16Number) ((((cmsUInt16Number) (rgb)) << 8)|(rgb))
+-#define FROM_16_TO_8(rgb) (cmsUInt8Number) ((((rgb) * 65281 + 8388608) >> 24) & 0xFF)
++#define FROM_16_TO_8(rgb) (cmsUInt8Number) ((((cmsUInt32Number)(rgb) * 65281U + 8388608U) >> 24) & 0xFFU)
+ 
+ // Code analysis is broken on asserts
+ #ifdef _MSC_VER
diff --git a/third_party/lcms2-2.6/README.pdfium b/third_party/lcms2-2.6/README.pdfium
index 19d2f68604..6c3d5dd4ef 100644
--- a/third_party/lcms2-2.6/README.pdfium
+++ b/third_party/lcms2-2.6/README.pdfium
@@ -10,4 +10,5 @@ Color Management Engine.
 Local Modifications:
 
 0000-tag-type-confusion.patch: Fix a type confusion.
+0001-from16-to-8-overflow.patch: Prevent a UBSan warning.
 TODO(ochang): List other patches.
diff --git a/third_party/lcms2-2.6/src/lcms2_internal.h b/third_party/lcms2-2.6/src/lcms2_internal.h
index 8617e92eb1..cc76d488d0 100644
--- a/third_party/lcms2-2.6/src/lcms2_internal.h
+++ b/third_party/lcms2-2.6/src/lcms2_internal.h
@@ -94,7 +94,7 @@
 
 // A fast way to convert from/to 16 <-> 8 bits
 #define FROM_8_TO_16(rgb) (cmsUInt16Number) ((((cmsUInt16Number) (rgb)) << 8)|(rgb))
-#define FROM_16_TO_8(rgb) (cmsUInt8Number) ((((rgb) * 65281 + 8388608) >> 24) & 0xFF)
+#define FROM_16_TO_8(rgb) (cmsUInt8Number) ((((cmsUInt32Number)(rgb) * 65281U + 8388608U) >> 24) & 0xFFU)
 
 // Code analysis is broken on asserts
 #ifdef _MSC_VER