/* */
/* Type 1 parser (body). */
/* */
-/* Copyright 1996-2001, 2002, 2003, 2004, 2005, 2008, 2009 by */
+/* Copyright 1996-2005, 2008, 2009, 2012 by */
/* David Turner, Robert Wilhelm, and Werner Lemberg. */
/* */
/* This file is part of the FreeType project, and may only be used, */
T1_Skip_PS_Token( parser );
cur = parser->root.cursor;
- if ( *cur == '\r' )
- {
- cur++;
- if ( *cur == '\n' )
- cur++;
- }
- else if ( *cur == '\n' )
- cur++;
- else
+
+ /* according to the Type1 spec, the first cipher byte must not be */
+ /* an ASCII whitespace character code (blank, tab, carriage return */
+ /* or line feed). We have seen Type 1 fonts with two line feed */
+ /* characters... So skip now all whitespace character codes. */
+ while ( cur < limit &&
+ ( *cur == ' ' ||
+ *cur == '\t' ||
+ *cur == '\r' ||
+ *cur == '\n' ) )
+ ++cur;
+ if ( cur >= limit )
{
FT_ERROR(( "T1_Get_Private_Dict:"
" `eexec' not properly terminated\n" ));
/* we now decrypt the encoded binary private dictionary */
psaux->t1_decrypt( parser->private_dict, parser->private_len, 55665U );
+ if ( parser->private_len < 4 )
+ {
+ FT_ERROR(( "T1_Get_Private_Dict:"
+ " invalid private dictionary section\n" ));
+ error = T1_Err_Invalid_File_Format;
+ goto Fail;
+ }
+
/* replace the four random bytes at the beginning with whitespace */
parser->private_dict[0] = ' ';
parser->private_dict[1] = ' ';