From cec3f6878e37fcd1c6c15e0e2ab011931d55549e Mon Sep 17 00:00:00 2001 From: Oliver Chang Date: Thu, 5 Nov 2015 16:00:40 -0800 Subject: Merge to XFA: Update bundled freetype to 2.6.1 Also adds a README.pdfium and 0000-include.patch that details the local modifications made. Also rolls testing/corpus to 45f88c6914fcac26ad930bb0ebbfa468c21db0a5 which includes regenerated corpus expectations. R=thestig@chromium.org Review URL: https://codereview.chromium.org/1413673003 . (cherry picked from commit 87ee069d05ca06f60d6cfacd9e426739d8f2053d) Review URL: https://codereview.chromium.org/1416993005 . --- third_party/freetype/src/base/ftmac.c | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) (limited to 'third_party/freetype/src/base/ftmac.c') diff --git a/third_party/freetype/src/base/ftmac.c b/third_party/freetype/src/base/ftmac.c index 5301ab44fc..114bbb6391 100644 --- a/third_party/freetype/src/base/ftmac.c +++ b/third_party/freetype/src/base/ftmac.c @@ -8,7 +8,7 @@ /* This file is for Mac OS X only; see builds/mac/ftoldmac.c for */ /* classic platforms built by MPW. */ /* */ -/* Copyright 1996-2009, 2013, 2014 by */ +/* Copyright 1996-2015 by */ /* Just van Rossum, David Turner, Robert Wilhelm, and Werner Lemberg. */ /* */ /* This file is part of the FreeType project, and may only be used, */ @@ -618,11 +618,11 @@ total_size += 6; /* code + 4 bytes chunk length */ } - total_size += GetHandleSize( post_data ) - 2; + total_size += (FT_ULong)GetHandleSize( post_data ) - 2; last_code = code; - /* detect integer overflows */ - if ( total_size < old_total_size ) + /* detect resource fork overflow */ + if ( FT_MAC_RFORK_MAX_LEN < total_size ) { error = FT_THROW( Array_Too_Large ); goto Error; @@ -747,6 +747,11 @@ return FT_THROW( Invalid_Handle ); sfnt_size = (FT_ULong)GetHandleSize( sfnt ); + + /* detect resource fork overflow */ + if ( FT_MAC_RFORK_MAX_LEN < sfnt_size ) + return FT_THROW( Array_Too_Large ); + if ( FT_ALLOC( sfnt_data, (FT_Long)sfnt_size ) ) { ReleaseResource( sfnt ); -- cgit v1.2.3