From b9d2a0e2ad64f3c7a2e40e549b7010043f27f3ed Mon Sep 17 00:00:00 2001
From: suzuki toshiya <mpsuzuki@hiroshima-u.ac.jp>
Date: Fri, 3 Jul 2009 18:01:24 +0900
Subject: [PATCH] cache: Check 32-bit glyph index on 16-bit systems.

---
 ChangeLog            |  8 ++++++++
 src/cache/ftcbasic.c | 11 ++++++++++-
 2 files changed, 18 insertions(+), 1 deletion(-)

diff --git a/ChangeLog b/ChangeLog
index 5365a5f8d..bc8306706 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,11 @@
+2009-07-03  suzuki toshiya <mpsuzuki@hiroshima-u.ac.jp>
+
+	cache: Check 32-bit glyph index on 16-bit systems.
+
+	* src/cache/ftcbasic.c (ftc_basic_family_get_count):
+	Check overflow caused by the face including large
+	number of glyphs > 64k.
+
 2009-07-03  suzuki toshiya <mpsuzuki@hiroshima-u.ac.jp>
 
 	cache: Fix some data types mismatching with their sources.
diff --git a/src/cache/ftcbasic.c b/src/cache/ftcbasic.c
index 0340ffe38..6519c5e74 100644
--- a/src/cache/ftcbasic.c
+++ b/src/cache/ftcbasic.c
@@ -25,6 +25,8 @@
 #include "ftccback.h"
 #include "ftcerror.h"
 
+#define FT_COMPONENT  trace_cache
+
 
 #ifdef FT_CONFIG_OPTION_OLD_INTERNALS
 
@@ -139,8 +141,15 @@
 
     error = FTC_Manager_LookupFace( manager, family->attrs.scaler.face_id,
                                     &face );
+
+    if ( (FT_ULong)face->num_glyphs > FT_UINT_MAX || 0 > face->num_glyphs )
+    {
+      FT_TRACE1(( "ftc_basic_family_get_count: too large number of glyphs " ));
+      FT_TRACE1(( "in this face, truncated\n", face->num_glyphs ));
+    }
+
     if ( !error )
-      result = face->num_glyphs;
+      result = (FT_UInt)face->num_glyphs;
 
     return result;
   }