kc3-lang/freetype

Browse

Commit 292144b44a15c1a72f2ef76475d65b7a3a3fba67

Werner Lemberg 2012-03-01T14:54:47

[psaux] Fix Savannah bug #35657. If in function `skip_spaces' the routine `skip_comment' comes to the end of buffer, `cur' is still increased by one, so we need to check for `p >= limit' and not `p == limit'. * src/psaux/psconv.c (PS_Conv_Strtol, PS_Conv_ToFixed, PS_Conv_ASCIIHexDecode, PS_Conv_EexecDecode): Fix boundary checking. 

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76

diff --git a/ChangeLog b/ChangeLog
index c9c54c7..65eae18 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,16 @@
 2012-03-01  Werner Lemberg  <wl@gnu.org>
 
+	[psaux] Fix Savannah bug #35657.
+
+	If in function `skip_spaces' the routine `skip_comment' comes to the
+	end of buffer, `cur' is still increased by one, so we need to check
+	for `p >= limit' and not `p == limit'.
+
+	* src/psaux/psconv.c (PS_Conv_Strtol, PS_Conv_ToFixed,
+	PS_Conv_ASCIIHexDecode, PS_Conv_EexecDecode): Fix boundary checking.
+
+2012-03-01  Werner Lemberg  <wl@gnu.org>
+
 	[truetype] Fix Savannah bug #35646.
 
 	* src/truetype/ttinterp.c (Ins_MIRP): Typo, present since ages.  The
diff --git a/src/psaux/psconv.c b/src/psaux/psconv.c
index 1531d8f..9ea7fb9 100644
--- a/src/psaux/psconv.c
+++ b/src/psaux/psconv.c
@@ -4,7 +4,7 @@
 /*                                                                         */
 /*    Some convenience conversions (body).                                 */
 /*                                                                         */
-/*  Copyright 2006, 2008, 2009 by                                          */
+/*  Copyright 2006, 2008, 2009, 2012 by                                    */
 /*  David Turner, Robert Wilhelm, and Werner Lemberg.                      */
 /*                                                                         */
 /*  This file is part of the FreeType project, and may only be used,       */
@@ -79,7 +79,7 @@
     FT_Bool   sign = 0;
 
 
-    if ( p == limit || base < 2 || base > 36 )
+    if ( p >= limit || base < 2 || base > 36 )
       return 0;
 
     if ( *p == '-' || *p == '+' )
@@ -150,7 +150,7 @@
     FT_Bool   sign = 0;
 
 
-    if ( p == limit )
+    if ( p >= limit )
       return 0;
 
     if ( *p == '-' || *p == '+' )
@@ -346,7 +346,11 @@
 
 #if 1
 
-    p  = *cursor;
+    p = *cursor;
+
+    if ( p >= limit )
+      return 0;
+
     if ( n > (FT_UInt)( limit - p ) )
       n = (FT_UInt)( limit - p );
 
@@ -434,6 +438,10 @@
 #if 1
 
     p = *cursor;
+
+    if ( p >= limit )
+      return 0;
+
     if ( n > (FT_UInt)(limit - p) )
       n = (FT_UInt)(limit - p);
kmx.io     mail     discord kmxgit v0.4.0