File bnc628213_1797.diff of Package freetype2

---
 src/cff/cffgload.c |    7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

Index: freetype-2.3.9/src/cff/cffgload.c
===================================================================
--- freetype-2.3.9.orig/src/cff/cffgload.c
+++ freetype-2.3.9/src/cff/cffgload.c
@@ -203,7 +203,7 @@
     2, /* hsbw */
     0,
     0,
-    0
+    1
   };
 
 
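Review bot: The entry changed from `0` to `1` at the end of this table carries no comment, so the hunk does not show which operator now requires one operand; only `hsbw`, three entries earlier, is labelled. Since this value appears to be the minimum operand count checked before an operator runs, a trailing comment naming the operator, in the style of `/* hsbw */`, would make the change auditable. The table begins outside the hunk, so the position-to-operator mapping should be verified against the operator enum.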
@@ -1964,6 +1964,9 @@
             if ( Rand >= 0x8000L )
               Rand++;
 
+	    if ( args - stack >= CFF_MAX_OPERANDS )
+	      goto Stack_Overflow;
+
             args[0] = Rand;
             seed    = FT_MulFix( seed, 0x10000L - seed );
             if ( seed == 0 )
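Review bot: The two added lines before `args[0] = Rand;` are indented with tabs while the surrounding context uses spaces, so the guard misaligns in any editor not set to 8-column tabs; the added check in the `cff_op_dup` hunk has the same problem. Re-indent both lines with spaces so that `if ( args - stack >= CFF_MAX_OPERANDS )` lines up with `args[0] = Rand;`. The bound is only sufficient if `stack` is declared with at least `CFF_MAX_OPERANDS` elements; that declaration is not visible here and should be confirmed. The enclosing case starts and ends outside the hunk.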
@@ -2089,6 +2092,8 @@
         case cff_op_dup:
           FT_TRACE4(( " dup\n" ));
 
+	  if ( args + 1 - stack >= CFF_MAX_OPERANDS )
+	    goto Stack_Overflow;
           args[1] = args[0];
           args++;
           break;
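Review bot: The guard before `args[1] = args[0];` tests `args + 1 - stack`, while the one added for the random operator tests `args - stack`, and nothing states that each checks the slot about to be written. A one-line comment such as `/* args[1] is written below; one free slot is required */` would make the differing offset obvious to the next reader. The patch shows overflow checks for these two operators only; other operators that push onto the operand stack lie outside the visible lines and presumably need the same bound, which is worth confirming against the full switch.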