From e40a4d28fb07f97096cf9ea72b4ab26dfa885c79 Mon Sep 17 00:00:00 2001
From: Chris Palmer <palmer@google.com>
Date: Mon, 9 Aug 2010 11:16:59 -0700
Subject: Apply patch to fix bug used in iPhone jailbreak.

See for more info:

Change-Id: Ia9b2e707da92fe2dc613a616e497da933f75434f
http://www.vupen.com/english/advisories/2010/2018
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=11d65e8a1f1f14e56148fd991965424d9bd1cdbc
http://b/editIssue?id=2902971&query=
---
 src/cff/cffgload.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/src/cff/cffgload.c b/src/cff/cffgload.c
index 9330c05..4e17eb6 100644
--- a/src/cff/cffgload.c
+++ b/src/cff/cffgload.c
@@ -2448,7 +2448,10 @@
           return CFF_Err_Unimplemented_Feature;
         }
 
-      decoder->top = args;
+        decoder->top = args;
+
+        if ( decoder->top - stack >= CFF_MAX_OPERANDS )
+          goto Stack_Overflow;
 
       } /* general operator processing */
 
-- 
cgit v1.2.3