From 240c94a185cd8dae7d03059abec8a5662c35ecd3 Mon Sep 17 00:00:00 2001
From: suzuki toshiya <mpsuzuki@hiroshima-u.ac.jp>
Date: Wed, 26 Nov 2014 06:43:29 +0000
Subject: Fix Savannah bug #43538.
* src/base/ftobjs.c (Mac_Read_POST_Resource): Fix integer overflow
by a broken POST table in resource-fork.
Index: freetype-2.4.8/src/base/ftobjs.c
12
===================================================================
13
--- freetype-2.4.8.orig/src/base/ftobjs.c 2015-02-24 10:29:22.135617460 -0500
14
+++ freetype-2.4.8/src/base/ftobjs.c 2015-02-24 10:29:22.131617426 -0500
15
@@ -1560,10 +1560,23 @@
17
if ( FT_READ_LONG( temp ) )
20
+ error = FT_Err_Invalid_Offset;
21
+ else if ( 0x7FFFFFFFL - 6 - pfb_len < temp )
22
+ error = FT_Err_Array_Too_Large;
30
- if ( FT_ALLOC( pfb_data, (FT_Long)pfb_len + 2 ) )
31
+ if ( 0x7FFFFFFFL - 2 < pfb_len )
32
+ error = FT_Err_Array_Too_Large;
34
+ error = FT_ALLOC( pfb_data, (FT_Long)pfb_len + 2 );