e3508cd4d6
looks good thanks for the update OBS-URL: https://build.opensuse.org/request/show/55068 OBS-URL: https://build.opensuse.org/package/show/M17N/freetype2?expand=0&rev=40
37 lines
925 B
Diff
37 lines
925 B
Diff
---
|
|
src/cff/cffgload.c | 7 ++++++-
|
|
1 file changed, 6 insertions(+), 1 deletion(-)
|
|
|
|
Index: freetype-2.4.2/src/cff/cffgload.c
|
|
===================================================================
|
|
--- freetype-2.4.2.orig/src/cff/cffgload.c
|
|
+++ freetype-2.4.2/src/cff/cffgload.c
|
|
@@ -204,7 +204,7 @@
|
|
2, /* hsbw */
|
|
0,
|
|
0,
|
|
- 0,
|
|
+ 1,
|
|
5, /* seac */
|
|
4, /* sbw */
|
|
2 /* setcurrentpoint */
|
|
@@ -2041,6 +2041,9 @@
|
|
if ( Rand >= 0x8000L )
|
|
Rand++;
|
|
|
|
+ if ( args - stack >= CFF_MAX_OPERANDS )
|
|
+ goto Stack_Overflow;
|
|
+
|
|
args[0] = Rand;
|
|
seed = FT_MulFix( seed, 0x10000L - seed );
|
|
if ( seed == 0 )
|
|
@@ -2166,6 +2169,8 @@
|
|
case cff_op_dup:
|
|
FT_TRACE4(( " dup\n" ));
|
|
|
|
+ if ( args + 1 - stack >= CFF_MAX_OPERANDS )
|
|
+ goto Stack_Overflow;
|
|
args[1] = args[0];
|
|
args += 2;
|
|
break;
|