Update bundled FreeType to 2.6.1

Change-Id: Ic489f8aa8ad42da3922f542e6c9064afe44f3799
Reviewed-by: Friedemann Kleint <Friedemann.Kleint@theqtcompany.com>
Reviewed-by: Lars Knoll <lars.knoll@theqtcompany.com>

1 files changed, 9 insertions, 4 deletions

diff --git a/src/3rdparty/freetype/src/base/ftmac.c b/src/3rdparty/freetype/src/base/ftmac.c
index 5301ab44fc..114bbb6391 100644
--- a/src/3rdparty/freetype/src/base/ftmac.c
+++ b/src/3rdparty/freetype/src/base/ftmac.c
@@ -8,7 +8,7 @@
 /*  This file is for Mac OS X only; see builds/mac/ftoldmac.c for          */
 /*  classic platforms built by MPW.                                        */
 /*                                                                         */
-/*  Copyright 1996-2009, 2013, 2014 by                                     */
+/*  Copyright 1996-2015 by                                                 */
 /*  Just van Rossum, David Turner, Robert Wilhelm, and Werner Lemberg.     */
 /*                                                                         */
 /*  This file is part of the FreeType project, and may only be used,       */
@@ -618,11 +618,11 @@
           total_size += 6; /* code + 4 bytes chunk length */
       }
 
-      total_size += GetHandleSize( post_data ) - 2;
+      total_size += (FT_ULong)GetHandleSize( post_data ) - 2;
       last_code = code;
 
-      /* detect integer overflows */
-      if ( total_size < old_total_size )
+      /* detect resource fork overflow */
+      if ( FT_MAC_RFORK_MAX_LEN < total_size )
       {
         error = FT_THROW( Array_Too_Large );
         goto Error;
@@ -747,6 +747,11 @@
       return FT_THROW( Invalid_Handle );
 
     sfnt_size = (FT_ULong)GetHandleSize( sfnt );
+
+    /* detect resource fork overflow */
+    if ( FT_MAC_RFORK_MAX_LEN < sfnt_size )
+      return FT_THROW( Array_Too_Large );
+
     if ( FT_ALLOC( sfnt_data, (FT_Long)sfnt_size ) )
     {
       ReleaseResource( sfnt );