
libxfont-1.1.0-4mdv2007.0.src.rpm

From 1bf657186d19887a0916340b544b5534e29da081 Mon Sep 17 00:00:00 2001
From: Matthieu Herrb <matthieu.herrb@laas.fr>
Date: Thu, 13 Jul 2006 10:18:38 -0400
Subject: [PATCH] Bug #7397: Fix a buffer overflow in Freetype font support.

---
 src/FreeType/fttools.c |    7 ++++---
 1 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/src/FreeType/fttools.c b/src/FreeType/fttools.c
index 9251838..5393558 100644
--- a/src/FreeType/fttools.c
+++ b/src/FreeType/fttools.c
@@ -77,7 +77,7 @@ FTu2a(int slen, FT_Byte *from, char *to,
 
     n = 0;
     for (i = 0; i < slen; i += 2) {
-        if(n >= max)
+        if(n >= max - 1)
             break;
         if(HIBYTE(from+i, byte)!=0)
             *to++='?';
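Review bot: The loop header `for (i = 0; i < slen; i += 2)` still admits an odd `slen`, so the final iteration examines a two-byte unit of which only one byte lies inside the name data. Depending on byte order, `HIBYTE(from+i, byte)` or the low-byte read that presumably follows outside the hunk could then read one byte past `from`. Tightening the condition to `for (i = 0; i + 1 < slen; i += 2)` would drop the dangling byte. Separately, the new `n >= max - 1` bound reserves room for a terminator, but if a caller can pass `max <= 0`, any terminator written after the loop (not visible here) would still land outside the buffer, so an early return for that case is worth considering. FTu2a's body begins and ends outside this hunk.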
@@ -143,9 +143,10 @@ FTGetEnglishName(FT_Face face, int nid, 
     /* Pretend that Apple Roman is ISO 8859-1. */
     if(FTGetName(face, nid, TT_PLATFORM_MACINTOSH, TT_MAC_ID_ROMAN, &name)) {
         len = name.string_len;
-        if(len > name_len)
-            len = name_len;
+        if(len > name_len  - 1)
+            len = name_len - 1;
         memcpy(name_return, name.string, len);
+        name_return[len] = '\0'; /* ensure nul terminaison */
         return len;
     }
 
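Review bot: The clamp `len = name_len - 1` is unsafe when `name_len` is 0. If these are signed ints (their declarations are outside the hunk), `len` becomes -1, which `memcpy` converts to a huge size, and `name_return[len]` then indexes before the buffer; if they are unsigned, the subtraction wraps and nothing is clamped. A guard ahead of the clamp, e.g. `if(name_len <= 0) return 0;`, would close that case, though the right return value depends on what callers expect. The function should also document that `name_len` is the full buffer size including the terminating NUL and that the returned length excludes it, since this change alters that contract. The other platform branches of FTGetEnglishName lie outside this hunk and should follow the same convention.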
-- 
1.4.2