From 481838e2347b9bd7e3a5f580eb6afa967e0c92f6 Mon Sep 17 00:00:00 2001
From: David Turner <david@freetype.org>
Date: Thu, 23 Feb 2006 12:40:14 +0000
Subject: [PATCH]     * src/bdf/bdflib.c: fixed a problem with large encodings.
     Again, this patch comes from Debian libfreetype6 for 2.1.10 !

---
 ChangeLog        | 3 +++
 src/bdf/bdflib.c | 8 ++++++++
 2 files changed, 11 insertions(+)

diff --git a/ChangeLog b/ChangeLog
index 63bec40df..c35dc7057 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -4,6 +4,9 @@
     this patch comes from the Debian package for libfreetype6 !!
     How come nobody mentions this on the devel list ??
 
+    * src/bdf/bdflib.c: fixed a problem with large encodings.
+    Again, this patch comes from Debian libfreetype6 for 2.1.10 !
+
 2006-02-23  Chia-I Wu  <b90201047@ntu.edu.tw>
 
 	* include/freetype/ftoutln.h (enum FT_Orientation): New value
diff --git a/src/bdf/bdflib.c b/src/bdf/bdflib.c
index 8f7bd6433..70cf75518 100644
--- a/src/bdf/bdflib.c
+++ b/src/bdf/bdflib.c
@@ -1561,6 +1561,14 @@
 
       p->glyph_enc = _bdf_atol( p->list.field[1], 0, 10 );
 
+      /* Check that the encoding is in the range [0,65536] because        */
+      /* otherwise p->have (a bitmap with static size) overflows.         */
+      if ( p->glyph_enc >= sizeof(p->have)*8 )
+      {
+        error = BDF_Err_Invalid_File_Format;
+        goto Exit;
+      }
+
       /* Check to see whether this encoding has already been encountered. */
       /* If it has then change it to unencoded so it gets added if        */
       /* indicated.                                                       */