Fix Savannah bug #25597.

* src/cff/cffparse.c (cff_parse_real): Don't allow fraction_length to become larger than 9.
2009-03-11 10:20:51 +00:00 · 2009-03-11 10:20:51 +00:00 · 9318df0cad
parent 1e54a65fa8
commit 9318df0cad
2 changed files with 9 additions and 2 deletions
--- a/7
+++ b/7
@ -1,3 +1,10 @@
+2009-03-11  Bram Tassyns  <bramt@enfocus.be>
+
+	Fix Savannah bug #25597.
+
+	* src/cff/cffparse.c (cff_parse_real): Don't allow fraction_length
+	to become larger than 9.
+
 2009-03-11  Werner Lemberg  <wl@gnu.org>

 	Fix Savannah bug #25814.
--- a/src/cff/cffparse.c
+++ b/src/cff/cffparse.c
@ -4,7 +4,7 @@
 /*                                                                         */
 /*    CFF token stream parser (body)                                       */
 /*                                                                         */
-/*  Copyright 1996-2001, 2002, 2003, 2004, 2007, 2008 by                   */
+/*  Copyright 1996-2001, 2002, 2003, 2004, 2007, 2008, 2009 by             */
 /*  David Turner, Robert Wilhelm, and Werner Lemberg.                      */
 /*                                                                         */
 /*  This file is part of the FreeType project, and may only be used,       */
@ -244,7 +244,7 @@
        if ( !nib && !number )
          exponent_add--;
        /* Only add digit if we don't overflow. */
-        else if ( number < 0xCCCCCCCL )
+        else if ( number < 0xCCCCCCCL && fraction_length < 9 )
        {
          fraction_length++;
          number = number * 10 + nib;