diff --git a/ChangeLog b/ChangeLog
index 0059a1220..9f5168631 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,11 @@
+2009-06-20  Werner Lemberg  <wl@gnu.org>
+
+	[cff] Revert last change.
+
+	* src/cff/cffgload.c (cff_decoder_parse_charstrings): Do it.
+	Next time, don't confuse Type 2 charstring opcodes with TOP DICT
+	values...
+
 2009-06-20  Werner Lemberg  <wl@gnu.org>
 
 	* src/autofit/aflatin.c (af_latin_metrics_check_digits): Fix
diff --git a/src/cff/cffgload.c b/src/cff/cffgload.c
index 6cb26a43e..03956cab8 100644
--- a/src/cff/cffgload.c
+++ b/src/cff/cffgload.c
@@ -938,9 +938,17 @@
             goto Syntax_Error;
           val = -( (FT_Long)v - 251 ) * 256 - *ip++ - 108;
         }
-        else /* 255 */
-          goto Syntax_Error;
-
+        else
+        {
+          if ( ip + 3 >= limit )
+            goto Syntax_Error;
+          val = ( (FT_Int32)ip[0] << 24 ) |
+                ( (FT_Int32)ip[1] << 16 ) |
+                ( (FT_Int32)ip[2] <<  8 ) |
+                            ip[3];
+          ip    += 4;
+          shift  = 0;
+        }
         if ( decoder->top - stack >= CFF_MAX_OPERANDS )
           goto Stack_Overflow;