head	1.1;
access;
symbols
	pkgsrc-2013Q2:1.1.0.36
	pkgsrc-2013Q2-base:1.1
	pkgsrc-2012Q4:1.1.0.34
	pkgsrc-2012Q4-base:1.1
	pkgsrc-2011Q4:1.1.0.32
	pkgsrc-2011Q4-base:1.1
	pkgsrc-2011Q2:1.1.0.30
	pkgsrc-2011Q2-base:1.1
	pkgsrc-2009Q4:1.1.0.28
	pkgsrc-2009Q4-base:1.1
	pkgsrc-2008Q4:1.1.0.26
	pkgsrc-2008Q4-base:1.1
	pkgsrc-2008Q3:1.1.0.24
	pkgsrc-2008Q3-base:1.1
	cube-native-xorg:1.1.0.22
	cube-native-xorg-base:1.1
	pkgsrc-2008Q2:1.1.0.20
	pkgsrc-2008Q2-base:1.1
	pkgsrc-2008Q1:1.1.0.18
	pkgsrc-2008Q1-base:1.1
	pkgsrc-2007Q4:1.1.0.16
	pkgsrc-2007Q4-base:1.1
	pkgsrc-2007Q3:1.1.0.14
	pkgsrc-2007Q3-base:1.1
	pkgsrc-2007Q2:1.1.0.12
	pkgsrc-2007Q2-base:1.1
	pkgsrc-2007Q1:1.1.0.10
	pkgsrc-2007Q1-base:1.1
	pkgsrc-2006Q4:1.1.0.8
	pkgsrc-2006Q4-base:1.1
	pkgsrc-2006Q3:1.1.0.6
	pkgsrc-2006Q3-base:1.1
	pkgsrc-2006Q2:1.1.0.4
	pkgsrc-2006Q2-base:1.1
	pkgsrc-2006Q1:1.1.0.2;
locks; strict;
comment	@# @;


1.1
date	2006.06.06.07.51.29;	author snj;	state dead;
branches
	1.1.2.1;
next	;

1.1.2.1
date	2006.06.06.07.51.29;	author snj;	state Exp;
branches;
next	;


desc
@@


1.1
log
@file patch-af was initially added on branch pkgsrc-2006Q1.
@
text
@@


1.1.2.1
log
@Pullup ticket 1686 - requested by salo
security fix for freetype2

Apply patch from salo, mirroring the recent xsrc fixes for CVE-2006-0747,
CVE-2006-1861, and CVE-2006-2661.
@
text
@a0 36
$NetBSD$

--- src/cff/cffgload.c.orig	2005-04-18 06:53:05.000000000 +0200
+++ src/cff/cffgload.c	2006-06-05 23:23:48.000000000 +0200
@@@@ -2284,7 +2284,7 @@@@
   FT_LOCAL_DEF( FT_Error )
   cff_slot_load( CFF_GlyphSlot  glyph,
                  CFF_Size       size,
-                 FT_Int         glyph_index,
+                 FT_UInt         glyph_index,
                  FT_Int32       load_flags )
   {
     FT_Error      error;
@@@@ -2330,7 +2330,7 @@@@
 
         error = sfnt->load_sbit_image( face,
                                        (FT_ULong)size->strike_index,
-                                       (FT_UInt)glyph_index,
+                                       glyph_index,
                                        (FT_Int)load_flags,
                                        stream,
                                        &glyph->root.bitmap,
@@@@ -2393,7 +2393,13 @@@@
       /* subsetted font, glyph_indices and CIDs are identical, though */
       if ( cff->top_font.font_dict.cid_registry != 0xFFFFU &&
            cff->charset.cids )
+      {
+        if ( glyph_index < cff->charset.max_cid )
         glyph_index = cff->charset.cids[glyph_index];
+        else
+          glyph_index = 0;
+      }
+
 
       cff_decoder_init( &decoder, face, size, glyph, hinting,
                         FT_LOAD_TARGET_MODE( load_flags ) );
@