
Re: Buffer overflow in the autohinting code.


From: David Turner
Subject: Re: Buffer overflow in the autohinting code.
Date: Fri, 25 Aug 2000 09:50:40 +0200

Hi Ramon,

Thanks for your contribution. Actually, this bug has already been
fixed in the current snapshot. See the end of
http://www.freetype.org/beta8.html for a list of other fixed
bugs. I try to keep it updated.

Cheers,

- David

> 
> Hello,
> 
> I was testing ft2lint and ft2view with arial.ttf from
> http://www.microsoft.com/typography/. They crashed in malloc. The
> problem appears to be a buffer overflow. According to Electric Fence,
> the problem happens in the line:
> 
>           memset( segment, 0, sizeof ( *segment ) ); (ahglyph.c: 647)
> 
> I believe that this patch fixes the bug. However, I am not familiar
> with the code of Freetype, so please review it before accepting. In
> my opinion the problem is that the code in the function
> ah_outline_load does not take into account that two additional segments
> are needed if AH_HINT_METRICS is on.
>
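
The bug class reported above, as an added example (not part of either message and not FreeType's code): a segment array sized without the two extra segments that metrics hinting appends, beside sizing that accounts for them and an append that checks the bound. All names (`HINT_METRICS`, `Outline`, `capacity_buggy`, `capacity_fixed`, `load_outline`) are hypothetical stand-ins.

```c
#include <stdlib.h>
#include <string.h>

#define HINT_METRICS   0x1u /* hypothetical stand-in for AH_HINT_METRICS */
#define METRIC_SEGMENTS 2   /* extra segments the report says are needed */

typedef struct { int pos, min, max; } Segment;
typedef struct { Segment *segments; size_t num, max; } Outline;

/* Total segments the loader will create for one glyph. */
static size_t segments_needed(size_t glyph_segments, unsigned flags) {
    return glyph_segments + ((flags & HINT_METRICS) ? METRIC_SEGMENTS : 0);
}

/* Sizing as the report describes the bug: the flag is ignored. */
size_t capacity_buggy(size_t glyph_segments, unsigned flags) {
    (void)flags;
    return glyph_segments;
}

/* Sizing that accounts for the metrics segments. */
size_t capacity_fixed(size_t glyph_segments, unsigned flags) {
    return segments_needed(glyph_segments, flags);
}

/* Checked append: return NULL instead of clearing memory past the end. */
static Segment *new_segment(Outline *o) {
    Segment *s;
    if (o->num >= o->max) return NULL;
    s = &o->segments[o->num++];
    memset(s, 0, sizeof *s);   /* same kind of call the report points at */
    return s;
}

/* Load a glyph into an array of `capacity` segments; returns how many
   segments did not fit (0 means the array was large enough). */
size_t load_outline(size_t glyph_segments, unsigned flags, size_t capacity) {
    Outline o = { NULL, 0, capacity };
    size_t i, missing = 0, want = segments_needed(glyph_segments, flags);
    o.segments = calloc(capacity ? capacity : 1, sizeof *o.segments);
    if (!o.segments) return want;
    for (i = 0; i < want; i++)
        if (!new_segment(&o)) missing++;
    free(o.segments);
    return missing;
}
```

With the flag set, the buggy sizing leaves exactly two segments without a slot; the bounds check turns what would be an out-of-bounds `memset` into a countable failure.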


