diff options
Diffstat (limited to 'freetype/src/type1/t1parse.c')
-rw-r--r-- | freetype/src/type1/t1parse.c | 14 |
1 files changed, 11 insertions, 3 deletions
diff --git a/freetype/src/type1/t1parse.c b/freetype/src/type1/t1parse.c index 75d1419a1..52aad905c 100644 --- a/freetype/src/type1/t1parse.c +++ b/freetype/src/type1/t1parse.c @@ -4,7 +4,7 @@ /* */ /* Type 1 parser (body). */ /* */ -/* Copyright 1996-2001, 2002, 2003, 2004, 2005, 2008, 2009 by */ +/* Copyright 1996-2005, 2008, 2009, 2012 by */ /* David Turner, Robert Wilhelm, and Werner Lemberg. */ /* */ /* This file is part of the FreeType project, and may only be used, */ @@ -164,7 +164,7 @@ error = check_type1_format( stream, "%!FontType", 10 ); if ( error ) { - FT_TRACE2(( "[not a Type1 font]\n" )); + FT_TRACE2(( " not a Type 1 font\n" )); goto Exit; } } @@ -404,7 +404,7 @@ /* characters... So skip now all whitespace character codes. */ while ( cur < limit && ( *cur == ' ' || - *cur == '\t' || + *cur == '\t' || *cur == '\r' || *cur == '\n' ) ) ++cur; @@ -467,6 +467,14 @@ /* we now decrypt the encoded binary private dictionary */ psaux->t1_decrypt( parser->private_dict, parser->private_len, 55665U ); + if ( parser->private_len < 4 ) + { + FT_ERROR(( "T1_Get_Private_Dict:" + " invalid private dictionary section\n" )); + error = T1_Err_Invalid_File_Format; + goto Fail; + } + /* replace the four random bytes at the beginning with whitespace */ parser->private_dict[0] = ' '; parser->private_dict[1] = ' '; |