From aaf21968deb85b635cb6aa6544df233ea5981346 Mon Sep 17 00:00:00 2001
From: marha <marha@users.sourceforge.net>
Date: Wed, 13 Feb 2013 09:48:21 +0100
Subject: Update to following packages:

openssl-1.0.1e
freetype-2.4.11
---
 freetype/src/type1/t1parse.c | 17 ++++++++++-------
 1 file changed, 10 insertions(+), 7 deletions(-)

(limited to 'freetype/src/type1/t1parse.c')

diff --git a/freetype/src/type1/t1parse.c b/freetype/src/type1/t1parse.c
index 495527962..b48651a01 100644
--- a/freetype/src/type1/t1parse.c
+++ b/freetype/src/type1/t1parse.c
@@ -342,7 +342,7 @@
       {
         c = cur[0];
         if ( c == 'e' && cur + 9 < limit )  /* 9 = 5 letters for `eexec' + */
-                                            /* newline + 4 chars           */
+                                            /* whitespace + 4 chars        */
         {
           if ( cur[1] == 'e' &&
                cur[2] == 'x' &&
@@ -364,7 +364,8 @@
       /* or string (as e.g. in u003043t.gsf from ghostscript)       */
 
       parser->root.cursor = parser->base_dict;
-      parser->root.limit  = cur + 9;
+      /* set limit to `eexec' + whitespace + 4 characters */
+      parser->root.limit  = cur + 10;
 
       cur   = parser->root.cursor;
       limit = parser->root.limit;
@@ -396,7 +397,8 @@
       parser->root.limit = parser->base_dict + parser->base_len;
 
       T1_Skip_PS_Token( parser );
-      cur = parser->root.cursor;
+      cur   = parser->root.cursor;
+      limit = parser->root.limit;
 
       /* according to the Type1 spec, the first cipher byte must not be  */
       /* an ASCII whitespace character code (blank, tab, carriage return */
@@ -437,11 +439,12 @@
       /* now determine whether the private dictionary is encoded in binary */
       /* or hexadecimal ASCII format -- decode it accordingly              */
 
-      /* we need to access the next 4 bytes (after the final \r following */
-      /* the `eexec' keyword); if they all are hexadecimal digits, then   */
-      /* we have a case of ASCII storage                                  */
+      /* we need to access the next 4 bytes (after the final whitespace */
+      /* following the `eexec' keyword); if they all are hexadecimal    */
+      /* digits, then we have a case of ASCII storage                   */
 
-      if ( ft_isxdigit( cur[0] ) && ft_isxdigit( cur[1] ) &&
+      if ( cur + 3 < limit                                &&
+           ft_isxdigit( cur[0] ) && ft_isxdigit( cur[1] ) &&
            ft_isxdigit( cur[2] ) && ft_isxdigit( cur[3] ) )
       {
         /* ASCII hexadecimal encoding */
-- 
cgit v1.2.3