Report
Unsafe font resource assembly in windres can overrun on long font strings
65e79a81-b27f-4bf9-aa42-b14900a86888
In binutils' windres resource reader, define_font() constructs FONTDIR data by concatenating strings extracted from an input font file. The code computes fontdatalength from strlen(device) and strlen(face), then copies 56 bytes and appends the two strings with strcpy() into a heap buffer. This pattern is only safe if the offsets point to NUL-terminated strings within the file and the computed lengths are trustworthy; otherwise the code can read past the mapped font data or overflow the destination buffer if the source strings are malformed or not properly terminated.
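A bounds-checked way to assemble the same layout, as an added example that is not binutils' code. The string offsets are passed in as parameters, the names `build_fontdir`, `bounded_strlen` and `sample_result` are hypothetical, and the 56-byte header length is the one cited in the report.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define FONT_HDR_LEN 56 /* header bytes copied verbatim, per the report */

/* Length of the NUL-terminated string at data[off], or -1 when the offset is
   out of range or no terminator exists before the end of the buffer. */
static long bounded_strlen(const uint8_t *data, size_t len, size_t off)
{
    if (off >= len) return -1;
    const uint8_t *nul = memchr(data + off, 0, len - off);
    return nul ? (long)(nul - (data + off)) : -1;
}

/* Build header + device + NUL + face + NUL in a fresh heap buffer.
   Returns NULL (nothing allocated) on any malformed input. */
uint8_t *build_fontdir(const uint8_t *data, size_t len, size_t dev_off,
                       size_t face_off, size_t *out_len)
{
    if (len < FONT_HDR_LEN) return NULL;       /* header itself truncated */
    long dl = bounded_strlen(data, len, dev_off);
    long fl = bounded_strlen(data, len, face_off);
    if (dl < 0 || fl < 0) return NULL;         /* bad offset or unterminated */
    size_t total = FONT_HDR_LEN + (size_t)dl + 1 + (size_t)fl + 1;
    uint8_t *out = malloc(total);
    if (!out) return NULL;
    memcpy(out, data, FONT_HDR_LEN);
    memcpy(out + FONT_HDR_LEN, data + dev_off, (size_t)dl + 1);
    memcpy(out + FONT_HDR_LEN + dl + 1, data + face_off, (size_t)fl + 1);
    *out_len = total;
    return out;
}

/* Constructed sample; terminated == 0 cuts the final NUL off "FACE". */
size_t sample_result(int terminated)
{
    uint8_t buf[65] = {0};                     /* zeroed 56-byte header */
    memcpy(buf + 56, "DEV", 4);                /* device string at offset 56 */
    memcpy(buf + 60, "FACE", 5);               /* face string at offset 60 */
    size_t n = 0;
    uint8_t *out = build_fontdir(buf, terminated ? 65 : 64, 56, 60, &n);
    size_t r = out ? n : 0;
    free(out);
    return r;
}

int main(void) { printf("%zu %zu\n", sample_result(1), sample_result(0)); return 0; }
```

Because each string length is measured with `memchr` inside the input bounds and the copies use those measured lengths, the allocation size and the bytes written cannot disagree, and an unterminated string is rejected instead of being read past the end of the file data.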