This is a patch file for "libwmf" 0.2.8.4. It's based on code extract-
ed from the following tarball: http://ftp.de.debian.org/debian/pool/main/libw/libwmf/\
libwmf_0.2.8.4-8.debian.tar.gz
--- libwmf-0.2.8.4.old/src/extra/gd/gd_clip.c
+++ libwmf-0.2.8.4/src/extra/gd/gd_clip.c
@@ -70,6 +70,7 @@
 { more = gdRealloc (im->clip->list,(im->clip->max + 8) * sizeof (gdClipRectangle));
 if (more == 0) return;
 im->clip->max += 8;
+ im->clip->list = more;
 }
 im->clip->list[im->clip->count] = (*rect);
 im->clip->count++;
--- libwmf-0.2.8.4.old/src/font.c
+++ libwmf-0.2.8.4/src/font.c
@@ -199,7 +199,7 @@
 unsigned int i = 0;
 while (font_data->cache[i].name)
- { if (strcmp (font_data->cache[i].path,entry->path) == 0) break;
+ { if (strcmp (font_data->cache[i].name,entry->name) == 0) break;
 i++;
 }
@@ -422,7 +422,6 @@
 fontmap_data->FD.FI = 0;
- if (API->flags & WMF_OPT_SYS_FONTS)
 { if (API->flags & WMF_OPT_SYS_FONTMAP)
 { wmf_ipa_font_map_xml (API,&(fontmap_data->FD),options->sys_fontmap_file);
 }
--- libwmf-0.2.8.4.old/src/player.c
+++ libwmf-0.2.8.4/src/player.c
@@ -23,6 +23,7 @@
 #include
 #include
+#include
 #include
 #include
@@ -132,8 +133,14 @@
 }
 }
-/* P->Parameters = (unsigned char*) wmf_malloc (API,(MAX_REC_SIZE(API)-3) * 2 * sizeof (unsigned char));
- */ P->Parameters = (unsigned char*) wmf_malloc (API,(MAX_REC_SIZE(API) ) * 2 * sizeof (unsigned char));
+ if (MAX_REC_SIZE(API) > UINT32_MAX / 2)
+ {
+ API->err = wmf_E_InsMem;
+ WMF_DEBUG (API,"bailing...");
+ return (API->err);
+ }
+
+ P->Parameters = (unsigned char*) wmf_malloc (API,(MAX_REC_SIZE(API) ) * 2 * sizeof (unsigned char));
 if (ERR (API))
 { WMF_DEBUG (API,"bailing...");
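Review bot: The size passed to gdRealloc just above the added assignment in gd_clip.c, `(im->clip->max + 8) * sizeof (gdClipRectangle)`, is still computed without an overflow check, and `max` grows with every clip rectangle the caller adds. The declared type of `max` is not visible in this hunk, so whether wraparound is reachable needs confirming against the struct definition; if it is, a bound on `max` before the call would close it. The failure path `if (more == 0) return;` also drops the rectangle without any signal, and the function's signature lies outside the hunk, so it is worth checking how callers are expected to notice. A one-line comment on the new assignment, e.g. `/* gdRealloc may move the block; list must follow the live allocation */`, would record why the line is needed.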
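Review bot: The new comparison `strcmp (font_data->cache[i].name,entry->name)` in the first font.c hunk reads `entry->name` with no NULL check visible here; the loop condition only guarantees that `cache[i].name` is non-NULL. If `entry->name` is validated earlier in the function, which starts outside the hunk, nothing more is needed; otherwise it should be rejected before the loop. Keying the lookup on name also means two entries with the same name but different paths now resolve to whichever was cached first, so a short comment such as `/* cache is keyed by font name, not by file path */` would make that intent explicit.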
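Review bot: Dropping the `if (API->flags & WMF_OPT_SYS_FONTS)` line in the second font.c hunk leaves its braces behind as a bare block, so the nested `WMF_OPT_SYS_FONTMAP` test now runs unconditionally and the code no longer shows why. Either remove the now-redundant braces or add a comment such as `/* system fontmap is loaded whenever WMF_OPT_SYS_FONTMAP is set, independent of WMF_OPT_SYS_FONTS */`. The block's closing brace and the rest of its body are outside the hunk, so everything that was guarded by the removed flag should be checked as intended to become unconditional. That includes the parse of the caller-supplied `options->sys_fontmap_file`.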
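Review bot: The new guard in the second player.c hunk reports `wmf_E_InsMem` with the same "bailing..." text as the allocation-failure path right below it, so a record size rejected as too large (presumably a value taken from the input file) looks identical to a real out-of-memory condition in the logs. A distinct message, e.g. `WMF_DEBUG (API,"max record size too large, bailing...");`, would separate the two, and `wmf_E_BadFormat` may be the more accurate code if callers do not depend on the current one. The bound is written against `UINT32_MAX` while the product goes to `wmf_malloc`, and the type of `MAX_REC_SIZE(API)` is not visible here, so a comment stating the width the multiplication is evaluated in would make the check auditable. Whether later code indexes `P->Parameters` within this allocation is outside the hunk.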