diff --git a/ChangeLog b/ChangeLog index 9a98b10f8..044c3b040 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,12 @@ +2012-02-26 Werner Lemberg + + [type1] Fix Savannah bug #35606. + + * src/type1/t1load.c (parse_subrs): Add proper guards for `strncmp'. + + * src/psaux/psobjs.c (ps_parser_skip_PS_token): Emit error message + only if cur < limit. + 2012-02-25 Werner Lemberg [pcf] Fix Savannah bug #35603. diff --git a/src/psaux/psobjs.c b/src/psaux/psobjs.c index a28b5fc24..06df6e664 100644 --- a/src/psaux/psobjs.c +++ b/src/psaux/psobjs.c @@ -4,7 +4,7 @@ /* */ /* Auxiliary functions for PostScript fonts (body). */ /* */ -/* Copyright 1996-2011 by */ +/* Copyright 1996-2012 by */ /* David Turner, Robert Wilhelm, and Werner Lemberg. */ /* */ /* This file is part of the FreeType project, and may only be used, */ @@ -589,7 +589,7 @@ } Exit: - if ( cur == parser->cursor ) + if ( cur < limit && cur == parser->cursor ) { FT_ERROR(( "ps_parser_skip_PS_token:" " current token is `%c' which is self-delimiting\n" diff --git a/src/type1/t1load.c b/src/type1/t1load.c index 990f85f9f..a0adfd490 100644 --- a/src/type1/t1load.c +++ b/src/type1/t1load.c @@ -1388,7 +1388,8 @@ /* If the next token isn't `dup' we are done. */ - if ( ft_strncmp( (char*)parser->root.cursor, "dup", 3 ) != 0 ) + if ( parser->root.cursor + 4 < parser->root.limit && + ft_strncmp( (char*)parser->root.cursor, "dup", 3 ) != 0 ) break; T1_Skip_PS_Token( parser ); /* `dup' */ @@ -1407,7 +1408,8 @@ return; T1_Skip_Spaces ( parser ); - if ( ft_strncmp( (char*)parser->root.cursor, "put", 3 ) == 0 ) + if ( parser->root.cursor + 4 < parser->root.limit && + ft_strncmp( (char*)parser->root.cursor, "put", 3 ) == 0 ) { T1_Skip_PS_Token( parser ); /* skip `put' */ T1_Skip_Spaces ( parser );
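Review bot: The new `cur < limit` test in the `Exit:` block of src/psaux/psobjs.c deserves a comment, because the reason for it only becomes visible further down: the `FT_ERROR` call passes `*cur` for the `%c` conversion, which would read one byte past the buffer when `cur == limit`. A line such as `/* do not dereference cur for the message when we are at the end of the data */` above the `if` would record that. With the guard in place, reaching `Exit` at the end of input without progress no longer takes this branch, so presumably no error is recorded on that path. The rest of the block and the callers are outside the hunk, so it is worth confirming that callers notice a parser that has stopped advancing at `limit`.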
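Review bot: In the `dup` check of the first src/type1/t1load.c hunk the length guard is joined with `&&`, so when fewer than five bytes remain the whole condition is false and the loop does not `break`; it falls through to `T1_Skip_PS_Token( parser )` as though `dup` had been found. For a `!= 0` test the out-of-data case has to end the loop as well: `if ( parser->root.cursor + 4 >= parser->root.limit || ft_strncmp( (char*)parser->root.cursor, "dup", 3 ) != 0 ) break;`. The comment above the test should then also mention the out-of-data case. The enclosing loop in parse_subrs starts and ends outside the hunk, so how the later calls behave at the limit cannot be judged from here.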
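Review bot: The bound `parser->root.cursor + 4 < parser->root.limit` in the `put` check, and the identical one in the `dup` hunk above, is computed by pointer addition, which is undefined in C once fewer than four bytes remain because the sum then points more than one past the end of the buffer. Comparing the remaining length avoids that: `parser->root.limit - parser->root.cursor > 4`, assuming the cursor never exceeds the limit, which the hunk does not show. The test also demands five bytes for a three-byte `ft_strncmp`, so a `put` that ends right at the limit is no longer recognised. If that margin is deliberate, for instance to leave room for a delimiter and the following token, a short comment saying so would help the next reader.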