diff options
Diffstat (limited to 'freetype/src/type1/t1parse.c')
-rw-r--r-- | freetype/src/type1/t1parse.c | 17 |
1 files changed, 10 insertions, 7 deletions
diff --git a/freetype/src/type1/t1parse.c b/freetype/src/type1/t1parse.c index 52aad905c..3a4511f07 100644 --- a/freetype/src/type1/t1parse.c +++ b/freetype/src/type1/t1parse.c @@ -342,7 +342,7 @@ { c = cur[0]; if ( c == 'e' && cur + 9 < limit ) /* 9 = 5 letters for `eexec' + */ - /* newline + 4 chars */ + /* whitespace + 4 chars */ { if ( cur[1] == 'e' && cur[2] == 'x' && @@ -364,7 +364,8 @@ /* or string (as e.g. in u003043t.gsf from ghostscript) */ parser->root.cursor = parser->base_dict; - parser->root.limit = cur + 9; + /* set limit to `eexec' + whitespace + 4 characters */ + parser->root.limit = cur + 10; cur = parser->root.cursor; limit = parser->root.limit; @@ -396,7 +397,8 @@ parser->root.limit = parser->base_dict + parser->base_len; T1_Skip_PS_Token( parser ); - cur = parser->root.cursor; + cur = parser->root.cursor; + limit = parser->root.limit; /* according to the Type1 spec, the first cipher byte must not be */ /* an ASCII whitespace character code (blank, tab, carriage return */ @@ -437,11 +439,12 @@ /* now determine whether the private dictionary is encoded in binary */ /* or hexadecimal ASCII format -- decode it accordingly */ - /* we need to access the next 4 bytes (after the final \r following */ - /* the `eexec' keyword); if they all are hexadecimal digits, then */ - /* we have a case of ASCII storage */ + /* we need to access the next 4 bytes (after the final whitespace */ + /* following the `eexec' keyword); if they all are hexadecimal */ + /* digits, then we have a case of ASCII storage */ - if ( ft_isxdigit( cur[0] ) && ft_isxdigit( cur[1] ) && + if ( cur + 3 < limit && + ft_isxdigit( cur[0] ) && ft_isxdigit( cur[1] ) && ft_isxdigit( cur[2] ) && ft_isxdigit( cur[3] ) ) { /* ASCII hexadecimal encoding */ |