diff options
Diffstat (limited to 'src/base/ftstream.c')
-rw-r--r-- | src/base/ftstream.c | 16 |
1 files changed, 14 insertions, 2 deletions
diff --git a/src/base/ftstream.c b/src/base/ftstream.c index b638599..210aaa4 100644 --- a/src/base/ftstream.c +++ b/src/base/ftstream.c @@ -4,7 +4,7 @@ /* */ /* I/O stream support (body). */ /* */ -/* Copyright 2000-2001, 2002, 2004, 2005, 2006, 2008, 2009 by */ +/* Copyright 2000-2001, 2002, 2004, 2005, 2006, 2008, 2009, 2010 by */ /* David Turner, Robert Wilhelm, and Werner Lemberg. */ /* */ /* This file is part of the FreeType project, and may only be used, */ @@ -246,6 +246,18 @@ /* allocate the frame in memory */ FT_Memory memory = stream->memory; + + /* simple sanity check */ + if ( count > stream->size ) + { + FT_ERROR(( "FT_Stream_EnterFrame:" + " frame size (%lu) larger than stream size (%lu)\n", + count, stream->size )); + + error = FT_Err_Invalid_Stream_Operation; + goto Exit; + } + #ifdef FT_DEBUG_MEMORY /* assume _ft_debug_file and _ft_debug_lineno are already set */ stream->base = (unsigned char*)ft_mem_qalloc( memory, count, &error ); @@ -275,7 +287,7 @@ { /* check current and new position */ if ( stream->pos >= stream->size || - stream->pos + count > stream->size ) + stream->size - stream->pos < count ) { FT_ERROR(( "FT_Stream_EnterFrame:" " invalid i/o; pos = 0x%lx, count = %lu, size = 0x%lx\n", |