From 1bf657186d19887a0916340b544b5534e29da081 Mon Sep 17 00:00:00 2001
From: Matthieu Herrb <matthieu.herrb@laas.fr>
Date: Thu, 13 Jul 2006 10:18:38 -0400
Subject: [PATCH] Bug #7397: Fix a buffer overflow in Freetype font support.
---
 src/FreeType/fttools.c | 7 ++++---
 1 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/src/FreeType/fttools.c b/src/FreeType/fttools.c
index 9251838..5393558 100644
--- a/src/FreeType/fttools.c
+++ b/src/FreeType/fttools.c
@@ -77,7 +77,7 @@ FTu2a(int slen, FT_Byte *from, char *to,
 n = 0;
 for (i = 0; i < slen; i += 2) {
- if(n >= max)
+ if(n >= max - 1)
 break;
 if(HIBYTE(from+i, byte)!=0)
 *to++='?';
@@ -143,9 +143,10 @@ FTGetEnglishName(FT_Face face, int nid,
 /* Pretend that Apple Roman is ISO 8859-1. */
 if(FTGetName(face, nid, TT_PLATFORM_MACINTOSH, TT_MAC_ID_ROMAN, &name)) {
 len = name.string_len;
- if(len > name_len)
- len = name_len;
+ if(len > name_len - 1)
+ len = name_len - 1;
 memcpy(name_return, name.string, len);
+ name_return[len] = '\0'; /* ensure nul terminaison */
 return len;
 }
--
1.4.2
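Review bot: Both new bounds subtract one from the caller's buffer size without first checking that the size is at least 1. In the FTGetEnglishName hunk, if `name_len` is 0 and `len` is a signed int (its declaration is outside the hunk), the clamp sets `len` to -1, so `memcpy` receives a huge length after conversion to size_t and `name_return[len]` writes one byte before the buffer. The FTu2a hunk has the same shape in `n >= max - 1`: with `max` at 0 the loop exits at once, but any terminator stored after the loop (not visible here) would still land in a zero-sized buffer. A guard ahead of each clamp, such as `if(name_len <= 0) return 0;` and its counterpart on `max`, would close this, with the return value matched to whatever callers treat as failure. Both function bodies start and end outside their hunks, so an earlier check may already exist and is worth confirming.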