diff options
| author | Mike DePaulo <mikedep333@gmail.com> | 2015-02-28 07:31:25 -0500 |
|---|---|---|
| committer | Mike DePaulo <mikedep333@gmail.com> | 2015-02-28 18:11:34 -0500 |
| commit | 360fe27b55c93c9c6c86895dbbf5db3efc66cc43 (patch) | |
| tree | 01d8b3510d6a36ceba211168268d09658a8aa68b /freetype/src/sfnt/ttload.c | |
| parent | a769ab7159f0718e189f1aaa8b6a5a046c66c52c (diff) | |
| download | vcxsrv-360fe27b55c93c9c6c86895dbbf5db3efc66cc43.tar.gz vcxsrv-360fe27b55c93c9c6c86895dbbf5db3efc66cc43.tar.bz2 vcxsrv-360fe27b55c93c9c6c86895dbbf5db3efc66cc43.zip | |
Updated to freetype 2.5.5
Conflicts:
freetype/src/base/ftbdf.c
freetype/src/base/fttype1.c
freetype/src/pfr/pfrobjs.c
Diffstat (limited to 'freetype/src/sfnt/ttload.c')
| -rw-r--r-- | freetype/src/sfnt/ttload.c | 12 |
1 files changed, 9 insertions, 3 deletions
diff --git a/freetype/src/sfnt/ttload.c b/freetype/src/sfnt/ttload.c index 1ca2dd5c2..fe179360d 100644 --- a/freetype/src/sfnt/ttload.c +++ b/freetype/src/sfnt/ttload.c @@ -5,7 +5,7 @@ /* Load the basic TrueType tables, i.e., tables that can be either in */ /* TTF or OTF fonts (body). */ /* */ -/* Copyright 1996-2010, 2012, 2013 by */ +/* Copyright 1996-2010, 2012-2014 by */ /* David Turner, Robert Wilhelm, and Werner Lemberg. */ /* */ /* This file is part of the FreeType project, and may only be used, */ @@ -207,7 +207,10 @@ } /* we ignore invalid tables */ - if ( table.Offset + table.Length > stream->size ) + + /* table.Offset + table.Length > stream->size ? */ + if ( table.Length > stream->size || + table.Offset > stream->size - table.Length ) { FT_TRACE2(( "check_table_dir: table entry %d invalid\n", nn )); continue; @@ -395,7 +398,10 @@ entry->Length = FT_GET_ULONG(); /* ignore invalid tables */ - if ( entry->Offset + entry->Length > stream->size ) + + /* entry->Offset + entry->Length > stream->size ? */ + if ( entry->Length > stream->size || + entry->Offset > stream->size - entry->Length ) continue; else { |