diff options
Diffstat (limited to 'third_party/freetype/src/base/ftmac.c')
-rw-r--r-- | third_party/freetype/src/base/ftmac.c | 13 |
1 files changed, 9 insertions, 4 deletions
diff --git a/third_party/freetype/src/base/ftmac.c b/third_party/freetype/src/base/ftmac.c index 5301ab44fc..114bbb6391 100644 --- a/third_party/freetype/src/base/ftmac.c +++ b/third_party/freetype/src/base/ftmac.c @@ -8,7 +8,7 @@ /* This file is for Mac OS X only; see builds/mac/ftoldmac.c for */ /* classic platforms built by MPW. */ /* */ -/* Copyright 1996-2009, 2013, 2014 by */ +/* Copyright 1996-2015 by */ /* Just van Rossum, David Turner, Robert Wilhelm, and Werner Lemberg. */ /* */ /* This file is part of the FreeType project, and may only be used, */ @@ -618,11 +618,11 @@ total_size += 6; /* code + 4 bytes chunk length */ } - total_size += GetHandleSize( post_data ) - 2; + total_size += (FT_ULong)GetHandleSize( post_data ) - 2; last_code = code; - /* detect integer overflows */ - if ( total_size < old_total_size ) + /* detect resource fork overflow */ + if ( FT_MAC_RFORK_MAX_LEN < total_size ) { error = FT_THROW( Array_Too_Large ); goto Error; @@ -747,6 +747,11 @@ return FT_THROW( Invalid_Handle ); sfnt_size = (FT_ULong)GetHandleSize( sfnt ); + + /* detect resource fork overflow */ + if ( FT_MAC_RFORK_MAX_LEN < sfnt_size ) + return FT_THROW( Array_Too_Large ); + if ( FT_ALLOC( sfnt_data, (FT_Long)sfnt_size ) ) { ReleaseResource( sfnt ); |