From c94162a2200c16e9614289cf91d6bf0e0b01a01f Mon Sep 17 00:00:00 2001
From: Young Xiao <yangx92@hotmail.com>
Date: Thu, 16 Aug 2018 08:25:47 -0400
Subject: [PATCH] * builds/mac/ftmac.c (parse_fond): Fix buffer overrun.

Reported as bug #54515, duplicate of #43540.
---
 ChangeLog          | 6 ++++++
 builds/mac/ftmac.c | 5 +++--
 2 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 1125b1e94..e2dd62161 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+2018-08-16  Young Xiao  <yangx92@hotmail.com>
+
+	* builds/mac/ftmac.c (parse_fond): Fix buffer overrun.
+
+	Reported as bug #54515, duplicate of #43540.
+
 2018-08-16  Werner Lemberg  <wl@gnu.org>
 
 	* builds/*/ftsystem.c (FT_COMPONENT): Updated also.
diff --git a/builds/mac/ftmac.c b/builds/mac/ftmac.c
index c45546cee..c19945aca 100644
--- a/builds/mac/ftmac.c
+++ b/builds/mac/ftmac.c
@@ -780,9 +780,10 @@ typedef short ResourceIndex;
       style = (StyleTable*)p;
       p += sizeof ( StyleTable );
       string_count = EndianS16_BtoN( *(short*)(p) );
+      string_count = FT_MIN( 64, string_count );
       p += sizeof ( short );
 
-      for ( i = 0; i < string_count && i < 64; i++ )
+      for ( i = 0; i < string_count; i++ )
       {
         names[i] = p;
         p       += names[i][0];
@@ -799,7 +800,7 @@ typedef short ResourceIndex;
           ps_name[ps_name_len] = 0;
         }
         if ( style->indexes[face_index] > 1 &&
-             style->indexes[face_index] <= FT_MIN( string_count, 64 ) )
+             style->indexes[face_index] <= string_count )
         {
           unsigned char*  suffixes = names[style->indexes[face_index] - 1];