head	1.1;
access;
symbols
	pkgsrc-2013Q2:1.1.0.36
	pkgsrc-2013Q2-base:1.1
	pkgsrc-2012Q4:1.1.0.34
	pkgsrc-2012Q4-base:1.1
	pkgsrc-2011Q4:1.1.0.32
	pkgsrc-2011Q4-base:1.1
	pkgsrc-2011Q2:1.1.0.30
	pkgsrc-2011Q2-base:1.1
	pkgsrc-2009Q4:1.1.0.28
	pkgsrc-2009Q4-base:1.1
	pkgsrc-2008Q4:1.1.0.26
	pkgsrc-2008Q4-base:1.1
	pkgsrc-2008Q3:1.1.0.24
	pkgsrc-2008Q3-base:1.1
	cube-native-xorg:1.1.0.22
	cube-native-xorg-base:1.1
	pkgsrc-2008Q2:1.1.0.20
	pkgsrc-2008Q2-base:1.1
	pkgsrc-2008Q1:1.1.0.18
	pkgsrc-2008Q1-base:1.1
	pkgsrc-2007Q4:1.1.0.16
	pkgsrc-2007Q4-base:1.1
	pkgsrc-2007Q3:1.1.0.14
	pkgsrc-2007Q3-base:1.1
	pkgsrc-2007Q2:1.1.0.12
	pkgsrc-2007Q2-base:1.1
	pkgsrc-2007Q1:1.1.0.10
	pkgsrc-2007Q1-base:1.1
	pkgsrc-2006Q4:1.1.0.8
	pkgsrc-2006Q4-base:1.1
	pkgsrc-2006Q3:1.1.0.6
	pkgsrc-2006Q3-base:1.1
	pkgsrc-2006Q2:1.1.0.4
	pkgsrc-2006Q2-base:1.1
	pkgsrc-2006Q1:1.1.0.2;
locks; strict;
comment	@# @;


1.1
date	2006.06.06.07.51.29;	author snj;	state dead;
branches
	1.1.2.1;
next	;

1.1.2.1
date	2006.06.06.07.51.29;	author snj;	state Exp;
branches;
next	;


desc
@@


1.1
log
@file patch-ak was initially added on branch pkgsrc-2006Q1.
@
text
@@


1.1.2.1
log
@Pullup ticket 1686 - requested by salo
security fix for freetype2

Apply patch from salo, mirroring the recent xsrc fixes for CVE-2006-0747,
CVE-2006-1861, and CVE-2006-2661.
@
text
@a0 15
$NetBSD$

--- src/sfnt/ttcmap.c.orig	2005-05-11 16:37:40.000000000 +0200
+++ src/sfnt/ttcmap.c	2006-06-05 23:39:06.000000000 +0200
@@@@ -2144,9 +2144,7 @@@@
       charmap.encoding    = FT_ENCODING_NONE;  /* will be filled later */
       offset              = TT_NEXT_ULONG( p );
 
-      if ( offset                     &&
-           table + offset + 2 < limit &&
-           table + offset >= table    )
+      if ( offset && offset <= face->cmap_size - 2 )
       {
         FT_Byte*                       cmap   = table + offset;
         volatile FT_UInt               format = TT_PEEK_USHORT( cmap );
@