shithub: freetype+ttf2subf

Download patch

ref: f7ecdbc70aa597b76f60d18d9d25fdab6da2d998
parent: a8c515d25c22da15d4a29c91267a2d4cc049de5a
author: suzuki toshiya <[email protected]>
date: Fri Jul 31 20:30:12 EDT 2009

type1: Check invalid string longer than PostScript limit.

git/fs: mount .git/fs: mount/attach disallowed
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,12 @@
 2009-07-31  suzuki toshiya <[email protected]>
 
+	type1: Check invalid string longer than PostScript limit.
+
+	* src/type1/t1afm.c (t1_get_index): Check invalid string
+	which exceeds the limit of PostScript string/name objects.
+
+2009-07-31  suzuki toshiya <[email protected]>
+
 	gzip: Use FT2 zcalloc() & zfree() in ftgzip.c by default.
 
 	* src/gzip/ftgzip.c (zcalloc, zcfree): Disable all
--- a/src/type1/t1afm.c
+++ b/src/type1/t1afm.c
@@ -57,6 +57,10 @@
     FT_Int   n;
 
 
+    /* PS string/name length must be < 16-bit */
+    if ( ( len - 0xFFFFU ) > 0 )
+      return 0;
+
     for ( n = 0; n < type1->num_glyphs; n++ )
     {
       char*  gname = (char*)type1->glyph_names[n];