From fc7e1a9497919c88d790d9395eb01cd7d5121507 Mon Sep 17 00:00:00 2001
From: Behdad Esfahbod
Date: Fri, 12 Dec 2014 21:42:35 -0800
Subject: Fix buffer overflow in copying PS name As reported on the mailing list by Tanel Liiv. Found using American Fuzzy Lop.
---
 src/fcfreetype.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/fcfreetype.c b/src/fcfreetype.c
index aca2f70b..da66741c 100644
--- a/src/fcfreetype.c
+++ b/src/fcfreetype.c
@@ -1556,7 +1556,8 @@ FcFreeTypeQueryFace (const FT_Face face,
 }
 else
 {
- strcpy (psname, tmp);
+ strncpy (psname, tmp, 255);
+ psname[255] = 0;
 }
 if (!FcPatternAddString (pat, FC_POSTSCRIPT_NAME, (const FcChar8 *)psname))
 goto bail1;
-- 
cgit v1.2.3
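Review bot: The bound in the added `strncpy (psname, tmp, 255);` / `psname[255] = 0;` is a hard-coded 255 that assumes psname holds at least 256 bytes; its declaration is outside this hunk, so the fix stays correct only while the two numbers are kept in sync by hand. If psname is a local array, tie the bound to it with `strncpy (psname, tmp, sizeof (psname) - 1);` and `psname[sizeof (psname) - 1] = 0;`. An over-long name is also now truncated silently and still stored as FC_POSTSCRIPT_NAME, so a comment such as `/* tmp presumably comes from the font file; truncate rather than overflow psname */` would record that the truncation is deliberate. FcFreeTypeQueryFace begins and ends outside the hunk, so other writes to psname could not be checked here.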