summarylogtreecommitdiffstats
path: root/freetype-2.5.0-CVE-2014-2240.patch
blob: d838de3a265e939211d8da5d943626cd4e66a009 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
From 0eae6eb0645264c98812f0095e0f5df4541830e6 Mon Sep 17 00:00:00 2001
From: Dave Arnold <darnold@adobe.com>
Date: Fri, 28 Feb 2014 06:40:01 +0000
Subject: Fix Savannah bug #41697, part 1.

* src/cff/cf2hints.c (cf2_hintmap_build): Return when `hintMask' is
invalid.  In this case, it is not safe to use the length of
`hStemHintArray'; the exception has already been recorded in
`hintMask'.
---
diff --git a/src/cff/cf2hints.c b/src/cff/cf2hints.c
index 5f44161..79f84fc 100644
--- a/src/cff/cf2hints.c
+++ b/src/cff/cf2hints.c
@@ -781,6 +781,8 @@
       cf2_hintmask_setAll( hintMask,
                            cf2_arrstack_size( hStemHintArray ) +
                              cf2_arrstack_size( vStemHintArray ) );
+      if ( !cf2_hintmask_isValid( hintMask ) )
+          return;                   /* too many stem hints */
     }
 
     /* begin by clearing the map */
--
cgit v0.9.0.2