From 5df5f9b52b027d805b9dfd8ed2732bdc4e94edb6 Mon Sep 17 00:00:00 2001
From: Tobias Stoeckmann <tobias@stoeckmann.org>
Date: Sat, 25 Jun 2016 19:10:01 +0200
Subject: [PATCH] Check range of FcWeightFromOpenType argument.

The argument to FcWeightToOpenType is already properly upper bounded,
but the same check should be done in FcWeightFromOpenType, too.

This fixes an out of boundary access while iterating over array on
malicious font input.

Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
---
 src/fcweight.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/fcweight.c b/src/fcweight.c
index 1a3b608..c538906 100644
--- a/src/fcweight.c
+++ b/src/fcweight.c
@@ -56,7 +56,7 @@ FcWeightFromOpenType (int ot_weight)
 
 	/* Loosely based on WPF Font Selection Model's advice. */
 
-	if (ot_weight < 0)
+	if (ot_weight < 0 || ot_weight > FC_WEIGHT_EXTRABLACK)
 	    return -1;
 	else if (1 <= ot_weight && ot_weight <= 9)
 	{
-- 
2.9.0