File CVE-2012-1135.patch of Package freetype2
From 5dddcc45a03b336860436a180aec5b358517336b Mon Sep 17 00:00:00 2001
From: Werner Lemberg <wl@gnu.org>
Date: Thu, 01 Mar 2012 06:52:24 +0000
Subject: [truetype] Fix Savannah bug #35640.
* src/truetype/ttinterp.c (SkipCode, TT_RunIns): Fix boundary check
for NPUSHB and NPUSHW instructions.
---
---
src/truetype/ttinterp.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
Index: freetype-2.4.4/src/truetype/ttinterp.c
===================================================================
--- freetype-2.4.4.orig/src/truetype/ttinterp.c
+++ freetype-2.4.4/src/truetype/ttinterp.c
@@ -4445,7 +4445,7 @@
CUR.length = opcode_length[CUR.opcode];
if ( CUR.length < 0 )
{
- if ( CUR.IP + 1 > CUR.codeSize )
+ if ( CUR.IP + 1 >= CUR.codeSize )
goto Fail_Overflow;
CUR.length = 2 - CUR.length * CUR.code[CUR.IP + 1];
}
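Review bot: The corrected test `CUR.IP + 1 >= CUR.codeSize` only protects the single read of the count byte `CUR.code[CUR.IP + 1]`; the `CUR.length` computed from that byte is controlled by the font program and still has to be bounded against `CUR.codeSize` before any operand is consumed. That second check is not visible in this hunk, whose enclosing function starts and ends outside it. It is worth confirming that something like `if ( CUR.IP + CUR.length > CUR.codeSize ) goto Fail_Overflow;` follows here, and likewise after the identical block in the second hunk at line 7440. Because the original off-by-one came from comparing an index against a size, a short comment above the test would help the next reader, e.g. `/* NPUSHB/NPUSHW: count byte sits at IP + 1; valid indices end at codeSize - 1 */`.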
@@ -7440,7 +7440,7 @@
if ( ( CUR.length = opcode_length[CUR.opcode] ) < 0 )
{
- if ( CUR.IP + 1 > CUR.codeSize )
+ if ( CUR.IP + 1 >= CUR.codeSize )
goto LErrorCodeOverflow_;
CUR.length = 2 - CUR.length * CUR.code[CUR.IP + 1];