ref: 9318df0cad2b85ddc3509191e83a9927252dc7c8
parent: 1e54a65fa8355e948c37486dd98f34aaf6512230
author: Werner Lemberg <[email protected]>
date: Wed Mar 11 06:20:51 EDT 2009
Fix Savannah bug #25597. * src/cff/cffparse.c (cff_parse_real): Don't allow fraction_length to become larger than 9.
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,10 @@
+2009-03-11 Bram Tassyns <[email protected]>
+
+ Fix Savannah bug #25597.
+
+ * src/cff/cffparse.c (cff_parse_real): Don't allow fraction_length
+ to become larger than 9.
+
2009-03-11 Werner Lemberg <[email protected]>
Fix Savannah bug #25814.
--- a/src/cff/cffparse.c
+++ b/src/cff/cffparse.c
@@ -4,7 +4,7 @@
/* */
/* CFF token stream parser (body) */
/* */
-/* Copyright 1996-2001, 2002, 2003, 2004, 2007, 2008 by */
+/* Copyright 1996-2001, 2002, 2003, 2004, 2007, 2008, 2009 by */
/* David Turner, Robert Wilhelm, and Werner Lemberg. */
/* */
/* This file is part of the FreeType project, and may only be used, */
@@ -244,7 +244,7 @@
if ( !nib && !number )
exponent_add--;
/* Only add digit if we don't overflow. */
- else if ( number < 0xCCCCCCCL )
+ else if ( number < 0xCCCCCCCL && fraction_length < 9 )
{fraction_length++;
number = number * 10 + nib;