File bnc629447_CVE-2010-2805.diff of Package freetype2
From 45a3c76b547511fa9d97aca34b150a0663257375 Mon Sep 17 00:00:00 2001
From: Werner Lemberg <wl@gnu.org>
Date: Wed, 04 Aug 2010 13:54:55 +0000
Subject: Fix Savannah bug #30644.
* src/base/ftstream.c (FT_Stream_EnterFrame): Fix comparison.
---
---
src/base/ftstream.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
Index: freetype-2.3.9/src/base/ftstream.c
===================================================================
--- freetype-2.3.9.orig/src/base/ftstream.c
+++ freetype-2.3.9/src/base/ftstream.c
@@ -294,7 +294,7 @@
{
/* check current and new position */
if ( stream->pos >= stream->size ||
- stream->pos + count > stream->size )
+ stream->size - stream->pos < count )
{
FT_ERROR(( "FT_Stream_EnterFrame:" ));
FT_ERROR(( " invalid i/o; pos = 0x%lx, count = %lu, size = 0x%lx\n",