Merge to XFA: Update bundled freetype to 2.6.1

third_party/freetype/src/base/ftmac.c

Index: third_party/freetype/src/base/ftmac.c
diff --git a/third_party/freetype/src/base/ftmac.c b/third_party/freetype/src/base/ftmac.c
index 5301ab44fc03c5a75fbc94816242cf3bdf6649c6..114bbb63919c4217afd05c2b5e81c2827cfae3be 100644
--- a/third_party/freetype/src/base/ftmac.c
+++ b/third_party/freetype/src/base/ftmac.c
@@ -8,7 +8,7 @@
 /*  This file is for Mac OS X only; see builds/mac/ftoldmac.c for          */
 /*  classic platforms built by MPW.                                        */
 /*                                                                         */
-/*  Copyright 1996-2009, 2013, 2014 by                                     */
+/*  Copyright 1996-2015 by                                                 */
 /*  Just van Rossum, David Turner, Robert Wilhelm, and Werner Lemberg.     */
 /*                                                                         */
 /*  This file is part of the FreeType project, and may only be used,       */
@@ -618,11 +618,11 @@
           total_size += 6; /* code + 4 bytes chunk length */
       }
 
-      total_size += GetHandleSize( post_data ) - 2;
+      total_size += (FT_ULong)GetHandleSize( post_data ) - 2;
       last_code = code;
 
-      /* detect integer overflows */
-      if ( total_size < old_total_size )
+      /* detect resource fork overflow */
+      if ( FT_MAC_RFORK_MAX_LEN < total_size )
       {
         error = FT_THROW( Array_Too_Large );
         goto Error;
@@ -747,6 +747,11 @@
       return FT_THROW( Invalid_Handle );
 
     sfnt_size = (FT_ULong)GetHandleSize( sfnt );
+
+    /* detect resource fork overflow */
+    if ( FT_MAC_RFORK_MAX_LEN < sfnt_size )
+      return FT_THROW( Array_Too_Large );
+
     if ( FT_ALLOC( sfnt_data, (FT_Long)sfnt_size ) )
     {
       ReleaseResource( sfnt );