Sophie: freetype2-2.3.12-1.9mdv2010.2 src

freetype2-2.3.12-1.9mdv2010.2.src.rpm

Info
Deps
Files
Scripts
ChangeLog
Location
Others versions
Analyse

diff -Naurp freetype-2.3.11/src/base/ftobjs.c freetype-2.3.11.oden/src/base/ftobjs.c
--- freetype-2.3.11/src/base/ftobjs.c	2010-08-22 06:21:36.000000000 -0400
+++ freetype-2.3.11.oden/src/base/ftobjs.c	2010-08-22 06:27:42.000000000 -0400
@@ -1529,6 +1529,7 @@
       FT_TRACE3(( "POST fragment[%d]: offsets=0x%08x, rlen=0x%08x, flags=0x%04x\n",
                    i, offsets[i], rlen, flags ));
 
+      /* postpone the check of rlen longer than buffer until FT_Stream_Read() */
       if ( ( flags >> 8 ) == 0 )        /* Comment, should not be loaded */
         continue;
 
@@ -1568,6 +1569,10 @@
         pfb_data[pfb_pos++] = 0;
       }
 
+      error = FT_Err_Cannot_Open_Resource;
+      if ( pfb_pos > pfb_len || pfb_pos + rlen > pfb_len )
+        goto Exit2;
+
       error = FT_Stream_Read( stream, (FT_Byte *)pfb_data + pfb_pos, rlen );
       if ( error )
         goto Exit2;