Blame SOURCES/freetype-2.4.11-CVE-2014-9664b.patch

43e195
From dd89710f0f643eb0f99a3830e0712d26c7642acd Mon Sep 17 00:00:00 2001
43e195
From: Werner Lemberg <wl@gnu.org>
43e195
Date: Fri, 21 Nov 2014 21:19:28 +0000
43e195
Subject: [type1, type42] Fix Savannah bug #43655.
43e195
43e195
* src/type1/t1load.c (parse_charstrings), src/type42/t42parse.c
43e195
(t42_parse_charstrings): Fix boundary testing.
43e195
---
43e195
diff --git a/src/type1/t1load.c b/src/type1/t1load.c
43e195
index fd06432..caa75bd 100644
43e195
--- a/src/type1/t1load.c
43e195
+++ b/src/type1/t1load.c
43e195
@@ -1602,7 +1602,7 @@
43e195
         FT_PtrDist  len;
43e195
 
43e195
 
43e195
-        if ( cur + 1 >= limit )
43e195
+        if ( cur + 2 >= limit )
43e195
         {
43e195
           error = T1_Err_Invalid_File_Format;
43e195
           goto Fail;
43e195
diff --git a/src/type42/t42parse.c b/src/type42/t42parse.c
43e195
index 9b66888..a60e216 100644
43e195
--- a/src/type42/t42parse.c
43e195
+++ b/src/type42/t42parse.c
43e195
@@ -837,7 +837,7 @@
43e195
         FT_PtrDist  len;
43e195
 
43e195
 
43e195
-        if ( cur + 1 >= limit )
43e195
+        if ( cur + 2 >= limit )
43e195
         {
43e195
           FT_ERROR(( "t42_parse_charstrings: out of bounds\n" ));
43e195
           error = T42_Err_Invalid_File_Format;
43e195
--
43e195
cgit v0.9.0.2