summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorChris Palmer <palmer@google.com>2010-08-09 11:16:59 -0700
committerChris Palmer <palmer@google.com>2010-08-09 11:16:59 -0700
commite40a4d28fb07f97096cf9ea72b4ab26dfa885c79 (patch)
tree60f6d3c40590a7dc310bfe91e1d88f8b552bda3f
parentcf16c2a2b641d98b99f7e943091c530e41f1d62e (diff)
downloadandroid_external_freetype-e40a4d28fb07f97096cf9ea72b4ab26dfa885c79.tar.gz
android_external_freetype-e40a4d28fb07f97096cf9ea72b4ab26dfa885c79.tar.bz2
android_external_freetype-e40a4d28fb07f97096cf9ea72b4ab26dfa885c79.zip
Apply patch to fix bug used in iPhone jailbreak.
See for more info: Change-Id: Ia9b2e707da92fe2dc613a616e497da933f75434f http://www.vupen.com/english/advisories/2010/2018 http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=11d65e8a1f1f14e56148fd991965424d9bd1cdbc http://b/editIssue?id=2902971&query=
-rw-r--r--src/cff/cffgload.c5
1 files changed, 4 insertions, 1 deletions
diff --git a/src/cff/cffgload.c b/src/cff/cffgload.c
index 9330c05..4e17eb6 100644
--- a/src/cff/cffgload.c
+++ b/src/cff/cffgload.c
@@ -2448,7 +2448,10 @@
return CFF_Err_Unimplemented_Feature;
}
- decoder->top = args;
+ decoder->top = args;
+
+ if ( decoder->top - stack >= CFF_MAX_OPERANDS )
+ goto Stack_Overflow;
} /* general operator processing */