From 06d6916c96954465ed66041507d343dc982b506f Mon Sep 17 00:00:00 2001
From: "Johnson Y. Yan" <yinsen_yan@foxitsoftware.com>
Date: Sun, 9 Dec 2012 00:07:51 +0100
Subject: [PATCH] [type1] Another fix for 2012-09-17 commit.

* src/type1/t1parse.c (T1_Get_Private_Dict) <found>: Correctly set
`limit' value.
---
 ChangeLog           |  7 +++++++
 src/type1/t1parse.c | 13 +++++++------
 2 files changed, 14 insertions(+), 6 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index bc7cead84..aacea17ad 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,10 @@
+2012-12-09  Johnson Y. Yan  <yinsen_yan@foxitsoftware.com>
+
+	[type1] Another fix for 2012-09-17 commit.
+
+	* src/type1/t1parse.c (T1_Get_Private_Dict) <found>: Correctly set
+	`limit' value.
+
 2012-12-06  Alexei Podtelezhnikov  <apodtele@gmail.com>
 
 	[truetype] Tweak the previous commit.
diff --git a/src/type1/t1parse.c b/src/type1/t1parse.c
index d1c24c2b0..b48651a01 100644
--- a/src/type1/t1parse.c
+++ b/src/type1/t1parse.c
@@ -342,7 +342,7 @@
       {
         c = cur[0];
         if ( c == 'e' && cur + 9 < limit )  /* 9 = 5 letters for `eexec' + */
-                                            /* newline + 4 chars           */
+                                            /* whitespace + 4 chars        */
         {
           if ( cur[1] == 'e' &&
                cur[2] == 'x' &&
@@ -364,7 +364,7 @@
       /* or string (as e.g. in u003043t.gsf from ghostscript)       */
 
       parser->root.cursor = parser->base_dict;
-      /* set limit to `eexec' + newline + 4 characters */
+      /* set limit to `eexec' + whitespace + 4 characters */
       parser->root.limit  = cur + 10;
 
       cur   = parser->root.cursor;
@@ -397,7 +397,8 @@
       parser->root.limit = parser->base_dict + parser->base_len;
 
       T1_Skip_PS_Token( parser );
-      cur = parser->root.cursor;
+      cur   = parser->root.cursor;
+      limit = parser->root.limit;
 
       /* according to the Type1 spec, the first cipher byte must not be  */
       /* an ASCII whitespace character code (blank, tab, carriage return */
@@ -438,9 +439,9 @@
       /* now determine whether the private dictionary is encoded in binary */
       /* or hexadecimal ASCII format -- decode it accordingly              */
 
-      /* we need to access the next 4 bytes (after the final \r following */
-      /* the `eexec' keyword); if they all are hexadecimal digits, then   */
-      /* we have a case of ASCII storage                                  */
+      /* we need to access the next 4 bytes (after the final whitespace */
+      /* following the `eexec' keyword); if they all are hexadecimal    */
+      /* digits, then we have a case of ASCII storage                   */
 
       if ( cur + 3 < limit                                &&
            ft_isxdigit( cur[0] ) && ft_isxdigit( cur[1] ) &&