1
Description: Fix off-by-one boundary check error
2
Origin: upstream, http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=5dddcc45a03b336860436a180aec5b358517336b
4
Index: freetype-2.4.8/src/truetype/ttinterp.c
5
===================================================================
6
--- freetype-2.4.8.orig/src/truetype/ttinterp.c 2012-03-20 15:34:02.568354610 -0500
7
+++ freetype-2.4.8/src/truetype/ttinterp.c 2012-03-20 15:45:02.140370287 -0500
9
CUR.length = opcode_length[CUR.opcode];
12
- if ( CUR.IP + 1 > CUR.codeSize )
13
+ if ( CUR.IP + 1 >= CUR.codeSize )
15
CUR.length = 2 - CUR.length * CUR.code[CUR.IP + 1];
19
if ( ( CUR.length = opcode_length[CUR.opcode] ) < 0 )
21
- if ( CUR.IP + 1 > CUR.codeSize )
22
+ if ( CUR.IP + 1 >= CUR.codeSize )
23
goto LErrorCodeOverflow_;
25
CUR.length = 2 - CUR.length * CUR.code[CUR.IP + 1];