ref: 58cbc465d2ccd904dee755cff791fbb3a866646d
parent: c776fc17bfeaa607405fc96620e9445e7a0965c3
author: Werner Lemberg <[email protected]>
date: Sun Feb 26 00:26:56 EST 2012
[type1] Fix Savannah bug #35606. * src/type1/t1load.c (parse_subrs): Add proper guards for `strncmp'. * src/psaux/psobjs.c (ps_parser_skip_PS_token): Emit error message only if cur < limit.
binary files a/ChangeLog b/ChangeLog differ
--- a/src/psaux/psobjs.c
+++ b/src/psaux/psobjs.c
@@ -4,7 +4,7 @@
/* */
/* Auxiliary functions for PostScript fonts (body). */
/* */
-/* Copyright 1996-2011 by */
+/* Copyright 1996-2012 by */
/* David Turner, Robert Wilhelm, and Werner Lemberg. */
/* */
/* This file is part of the FreeType project, and may only be used, */
@@ -589,7 +589,7 @@
}
Exit:
- if ( cur == parser->cursor )
+ if ( cur < limit && cur == parser->cursor )
{FT_ERROR(( "ps_parser_skip_PS_token:"
" current token is `%c' which is self-delimiting\n"
--- a/src/type1/t1load.c
+++ b/src/type1/t1load.c
@@ -1388,7 +1388,8 @@
/* If the next token isn't `dup' we are done. */
- if ( ft_strncmp( (char*)parser->root.cursor, "dup", 3 ) != 0 )
+ if ( parser->root.cursor + 4 < parser->root.limit &&
+ ft_strncmp( (char*)parser->root.cursor, "dup", 3 ) != 0 )
break;
T1_Skip_PS_Token( parser ); /* `dup' */
@@ -1407,7 +1408,8 @@
return;
T1_Skip_Spaces ( parser );
- if ( ft_strncmp( (char*)parser->root.cursor, "put", 3 ) == 0 )
+ if ( parser->root.cursor + 4 < parser->root.limit &&
+ ft_strncmp( (char*)parser->root.cursor, "put", 3 ) == 0 )
{T1_Skip_PS_Token( parser ); /* skip `put' */
T1_Skip_Spaces ( parser );