Fix Savannah bug #25597.

* src/cff/cffparse.c (cff_parse_real): Don't allow fraction_length
to become larger than 9.
This commit is contained in:
Werner Lemberg 2009-03-11 10:20:51 +00:00
parent 1e54a65fa8
commit 9318df0cad
2 changed files with 9 additions and 2 deletions

View File

@ -1,3 +1,10 @@
2009-03-11 Bram Tassyns <bramt@enfocus.be>
Fix Savannah bug #25597.
* src/cff/cffparse.c (cff_parse_real): Don't allow fraction_length
to become larger than 9.
2009-03-11 Werner Lemberg <wl@gnu.org>
Fix Savannah bug #25814.

View File

@ -4,7 +4,7 @@
/* */
/* CFF token stream parser (body) */
/* */
/* Copyright 1996-2001, 2002, 2003, 2004, 2007, 2008 by */
/* Copyright 1996-2001, 2002, 2003, 2004, 2007, 2008, 2009 by */
/* David Turner, Robert Wilhelm, and Werner Lemberg. */
/* */
/* This file is part of the FreeType project, and may only be used, */
@ -244,7 +244,7 @@
if ( !nib && !number )
exponent_add--;
/* Only add digit if we don't overflow. */
else if ( number < 0xCCCCCCCL )
else if ( number < 0xCCCCCCCL && fraction_length < 9 )
{
fraction_length++;
number = number * 10 + nib;