
QSGOpenGLDistanceFieldGlyphCache: Fix multiplication result truncation and UB

[PATCH 1/2] QSGOpenGLDistanceFieldGlyphCache: fix multiplication result truncation

The type of the expression int * int is int, so truncation has already
happened when the result is assigned to a qint64.

Fix by casting one of the multiplicands to qint64 before performing
the multiplication. This multiplication cannot overflow, because int
is 32-bit on all supported platforms.

The addition of 'size' to the pointer will still truncate the result,
on 32bit platforms, but that check is in itself UB. A follow-up commit
will fix the check, and with it the last truncation to 32bit.

Coverity-Id: 218769
Pick-to: 6.3 6.2 5.15
Change-Id: I0d71950695b9743db8c96d825e68bb1e9c47de02
Reviewed-by: Fabian Kosmale <fabian.kosmale@qt.io>
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
(cherry picked from commit cacfc1dbb9719c0ef55cff69dad0921ce1405438)

[PATCH 2/2] QSGOpenGLDistanceFieldGlyphCache: fix UB (ordering of pointers not from the same array)

The code performed out of bounds checks by adding the size of the
buffer to a pointer and comparing the result to the
one-past-the-end pointer of the buffer.

This is UB, for three reasons:

- in one case, a qint64 is added to a pointer, silently truncating the
  result on 32bit platforms

- if the buffer overflow is large, the pointer value may wrap around,
  yielding a result that is numerically less than the end pointer, but
  still out-of-bounds.

- pointer order is only defined within a C array, plus one past the
  end. On failure, pointers outside that range are compared.

Fix by comparing distance(it, end) with the required size for the
chunk to be written instead.

Pick-to: 6.3 6.2 5.15
Change-Id: I356bb8c8a65a93b8b1c1eb7bac381dd64bea719e
Reviewed-by: Fabian Kosmale <fabian.kosmale@qt.io>
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
(cherry picked from commit 8d9bd6b381bfc759d575954801b683354ad6a790)
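The two defects described in these commit messages, shown side by side as an added example. This is not Qt's code and not the patch itself: `qint64` is modelled as `int64_t`, the function names (`bufferSizeWidened`, `bufferSizeTruncated`, `chunkFits`, `writeChunk`) and the 16-byte buffer are constructed for illustration. The "before" form of the multiplication is modelled with unsigned wraparound so the example can show the truncated value without invoking signed-overflow UB, and the "after" form of the bounds check compares `std::distance(it, end)` with the chunk size instead of forming `it + size`.

```cpp
#include <algorithm>
#include <cstddef>
#include <cstdint>
#include <iterator>
#include <vector>

// --- PATCH 1/2: int * int is evaluated in int ----------------------------
// Widening one operand first makes the product a 64-bit multiplication,
// which cannot overflow for two 32-bit inputs.
int64_t bufferSizeWidened(int width, int height)
{
    return int64_t(width) * height;  // int64_t stands in for qint64
}

// Model of what the old expression `qint64 size = width * height;` yields:
// the low 32 bits of the product. Computed in unsigned arithmetic here so
// the wrap is well-defined; the original int * int was UB on overflow.
int64_t bufferSizeTruncated(int width, int height)
{
    uint32_t low = uint32_t(width) * uint32_t(height);
    return int64_t(int32_t(low));
}

// --- PATCH 2/2: bounds check without forming an out-of-range pointer -----
// The old check computed `it + size` and compared it to `end`. If the chunk
// does not fit, that addition already forms a pointer outside the array
// (UB), and a large size can wrap the address so the comparison passes.
// Comparing the remaining distance to the required size never leaves the
// valid [it, end] range.
bool chunkFits(const unsigned char *it, const unsigned char *end, int64_t size)
{
    return size >= 0 && std::distance(it, end) >= size;
}

// Copies `chunk` into `buf` at `offset`, refusing instead of writing past
// the end. Returns true only when the write happened.
bool writeChunk(std::vector<unsigned char> &buf, size_t offset,
                const std::vector<unsigned char> &chunk)
{
    if (offset > buf.size())
        return false;                               // keep `it` inside [begin, end]
    const unsigned char *it  = buf.data() + offset;
    const unsigned char *end = buf.data() + buf.size();
    if (!chunkFits(it, end, int64_t(chunk.size())))
        return false;
    std::copy(chunk.begin(), chunk.end(), buf.begin() + offset);
    return true;
}
```

`bufferSizeWidened(65536, 65536)` returns 4294967296 while the truncated model returns 0, which is the silent loss the first commit fixes; `writeChunk` on a 16-byte buffer accepts a 6-byte chunk at offset 10 and rejects a 7-byte one without ever computing `it + 7`.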
