
ref: dabf0535a8858458704dbdfa5c128265e88e48f3
parent: 4bcf957406f8876bf3f427305b251d1a5f02eab0
author: Suzuki, Toshiya (鈴木俊哉) <[email protected]>
date: Thu Mar 22 01:23:53 EDT 2007

Temporal fix for 32bit unsigned long overflow on LP64 platform

--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,12 @@
 2007-03-22  suzuki toshiya  <[email protected]>
 
+	* builds/unix/ftsystem.c (FT_Stream_Open): Temporal fix to prevent
+	32bit unsigned long overflow by 64bit filesize on LP64 platform,
+	proposed by Sean McBride:
+	http://lists.gnu.org/archive/html/freetype-devel/2007-03/msg00032.html
+
+2007-03-22  suzuki toshiya  <[email protected]>
+
 	* builds/unix/ftconfig.in: Suppress SGI compiler's warning against
 	setjmp, proposed by Sean McBride:
 	http://lists.gnu.org/archive/html/freetype-devel/2007-03/msg00032.html
--- a/builds/unix/ftsystem.c
+++ b/builds/unix/ftsystem.c
@@ -266,7 +266,21 @@
       goto Fail_Map;
     }
 
-    stream->size = stat_buf.st_size;
+    /* XXX: TODO -- real 64bit platform support                        */
+    /* stream->size is typed to unsigned long (freetype/ftsystem.h)    */
+    /* stat_buf.st_size is usually typed to off_t (sys/stat.h)         */
+    /* On some platforms, the former is 32bit and the latter is 64bit. */
+    /* To avoid overflow caused by font in huge file larger than 2G,   */
+    /* do a test. Temporal fix proposed by Sean McBride                */
+    /*                                                                 */
+    if ( stat_buf.st_size > ULONG_MAX )
+    {
+      FT_ERROR(( "FT_Stream_Open: file is too big" ));
+      goto Fail_Map;
+    }
+
+    /* This cast potentially truncates a 64bit to 32bit! */
+    stream->size = (unsigned long)stat_buf.st_size;
     stream->pos  = 0;
     stream->base = (unsigned char *)mmap( NULL,
                                           stream->size,
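Review bot: The guard `if ( stat_buf.st_size > ULONG_MAX )` compares a signed `off_t` with an unsigned constant, so where both types have the same width `st_size` is converted to `unsigned long`, the test can never be true, and a negative `st_size` would flow unchecked into the `mmap` length. A width-independent form is `if ( stat_buf.st_size < 0 || (off_t)(unsigned long)stat_buf.st_size != stat_buf.st_size )`, which also avoids relying on `<limits.h>` being included (no include is visible in this hunk). The comment speaks of files larger than 2G, but with a 32-bit `unsigned long` the check admits sizes up to 4G-1; if stream offsets are held in signed `long` elsewhere the bound probably should be `LONG_MAX`, which is worth confirming. With the guard in place the comment `/* This cast potentially truncates a 64bit to 32bit! */` is no longer accurate and could read `/* size was range-checked above, so this cast cannot truncate */`. FT_Stream_Open begins and ends outside the hunk, so the error code returned through `Fail_Map` on this new path could not be checked.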