Temporal fix for 32bit unsigned long overflow on LP64 platform
diff --git a/ChangeLog b/ChangeLog
index aa8b07e..58c9ddf 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,12 @@
2007-03-22 suzuki toshiya <mpsuzuki@hiroshima-u.ac.jp>
+ * builds/unix/ftsystem.c (FT_Stream_Open): Temporal fix to prevent
+ 32bit unsigned long overflow by 64bit filesize on LP64 platform,
+ proposed by Sean McBride:
+ http://lists.gnu.org/archive/html/freetype-devel/2007-03/msg00032.html
+
+2007-03-22 suzuki toshiya <mpsuzuki@hiroshima-u.ac.jp>
+
* builds/unix/ftconfig.in: Suppress SGI compiler's warning against
setjmp, proposed by Sean McBride:
http://lists.gnu.org/archive/html/freetype-devel/2007-03/msg00032.html
diff --git a/builds/unix/ftsystem.c b/builds/unix/ftsystem.c
index c46b1c0..79a30d3 100644
--- a/builds/unix/ftsystem.c
+++ b/builds/unix/ftsystem.c
@@ -266,7 +266,21 @@
goto Fail_Map;
}
- stream->size = stat_buf.st_size;
+ /* XXX: TODO -- real 64bit platform support */
+ /* stream->size is typed to unsigned long (freetype/ftsystem.h) */
+ /* stat_buf.st_size is usually typed to off_t (sys/stat.h) */
+ /* On some platforms, the former is 32bit and the latter is 64bit. */
+ /* To avoid overflow caused by font in huge file larger than 2G, */
+ /* do a test. Temporal fix proposed by Sean McBride */
+ /* */
+ if ( stat_buf.st_size > ULONG_MAX )
+ {
+ FT_ERROR(( "FT_Stream_Open: file is too big" ));
+ goto Fail_Map;
+ }
+
+ /* This cast potentially truncates a 64bit to 32bit! */
+ stream->size = (unsigned long)stat_buf.st_size;
stream->pos = 0;
stream->base = (unsigned char *)mmap( NULL,
stream->size,
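Review bot: The comment above the new `if` says the test protects against fonts "larger than 2G", but `stat_buf.st_size > ULONG_MAX` only rejects sizes above 4 GiB − 1 on the 32-bit `unsigned long` platforms it targets (and can never fire where `unsigned long` is 64 bits), so the comment overstates what the guard does; likewise `/* This cast potentially truncates a 64bit to 32bit! */` is stale now that the guard precedes the cast. I would reword them to `/* reject sizes that do not fit in unsigned long (> 4 GiB - 1 with a 32-bit unsigned long) */` and `/* lossless after the check above */`. `ULONG_MAX` requires `<limits.h>` and the hunk adds no include, so this relies on it already being pulled in elsewhere in the file — worth confirming on a platform where the guard is actually reachable. The new `FT_ERROR` message also omits a trailing `\n`, which the other error messages in this function appear to carry if they follow the usual FreeType pattern; FT_Stream_Open's body starts and ends outside the hunk.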