diff options
author | marha <marha@users.sourceforge.net> | 2013-02-13 09:55:16 +0100 |
---|---|---|
committer | marha <marha@users.sourceforge.net> | 2013-02-13 09:55:16 +0100 |
commit | 88bcd02cfecbf8ba9cf726b0d337c56f9c9b2bc4 (patch) | |
tree | ded42639873b943c7ec97b06961ad067228652d1 /freetype/src/type1/t1parse.c | |
parent | 3247a4e031a7d5160332c0d7ca2a91a516c082bb (diff) | |
parent | aaf21968deb85b635cb6aa6544df233ea5981346 (diff) | |
download | vcxsrv-88bcd02cfecbf8ba9cf726b0d337c56f9c9b2bc4.tar.gz vcxsrv-88bcd02cfecbf8ba9cf726b0d337c56f9c9b2bc4.tar.bz2 vcxsrv-88bcd02cfecbf8ba9cf726b0d337c56f9c9b2bc4.zip |
Merge remote-tracking branch 'origin/released'
* origin/released:
Update to following packages:
Conflicts:
freetype/src/autofit/afhints.c
freetype/src/autofit/afmodule.c
freetype/src/psaux/psconv.c
freetype/src/sfnt/sfntpic.h
openssl/Makefile
openssl/util/pl/VC-32.pl
Diffstat (limited to 'freetype/src/type1/t1parse.c')
-rw-r--r-- | freetype/src/type1/t1parse.c | 17 |
1 files changed, 10 insertions, 7 deletions
diff --git a/freetype/src/type1/t1parse.c b/freetype/src/type1/t1parse.c index 52aad905c..3a4511f07 100644 --- a/freetype/src/type1/t1parse.c +++ b/freetype/src/type1/t1parse.c @@ -342,7 +342,7 @@ { c = cur[0]; if ( c == 'e' && cur + 9 < limit ) /* 9 = 5 letters for `eexec' + */ - /* newline + 4 chars */ + /* whitespace + 4 chars */ { if ( cur[1] == 'e' && cur[2] == 'x' && @@ -364,7 +364,8 @@ /* or string (as e.g. in u003043t.gsf from ghostscript) */ parser->root.cursor = parser->base_dict; - parser->root.limit = cur + 9; + /* set limit to `eexec' + whitespace + 4 characters */ + parser->root.limit = cur + 10; cur = parser->root.cursor; limit = parser->root.limit; @@ -396,7 +397,8 @@ parser->root.limit = parser->base_dict + parser->base_len; T1_Skip_PS_Token( parser ); - cur = parser->root.cursor; + cur = parser->root.cursor; + limit = parser->root.limit; /* according to the Type1 spec, the first cipher byte must not be */ /* an ASCII whitespace character code (blank, tab, carriage return */ @@ -437,11 +439,12 @@ /* now determine whether the private dictionary is encoded in binary */ /* or hexadecimal ASCII format -- decode it accordingly */ - /* we need to access the next 4 bytes (after the final \r following */ - /* the `eexec' keyword); if they all are hexadecimal digits, then */ - /* we have a case of ASCII storage */ + /* we need to access the next 4 bytes (after the final whitespace */ + /* following the `eexec' keyword); if they all are hexadecimal */ + /* digits, then we have a case of ASCII storage */ - if ( ft_isxdigit( cur[0] ) && ft_isxdigit( cur[1] ) && + if ( cur + 3 < limit && + ft_isxdigit( cur[0] ) && ft_isxdigit( cur[1] ) && ft_isxdigit( cur[2] ) && ft_isxdigit( cur[3] ) ) { /* ASCII hexadecimal encoding */ |