From 57a6733dcf7828fe3db9254edab33fda7c9f6a10 Mon Sep 17 00:00:00 2001
From: Werner Lemberg
Date: Wed, 21 Dec 2016 06:52:23 +0100
Subject: [PATCH] [base] Improve sanity check for Mac resources (#49888).

* src/base/ftobjs.c (Mac_Read_sfnt_Resource): Abort if `rlen' is not positive.
---
 ChangeLog | 7 +++++++
 src/base/ftobjs.c | 2 +-
 2 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/ChangeLog b/ChangeLog
index 8ecd24224..769cb24ff 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,10 @@
+2016-12-21 Werner Lemberg
+
+ [base] Improve sanity check for Mac resources (#49888).
+
+ * src/base/ftobjs.c (Mac_Read_sfnt_Resource): Abort if `rlen' is not
+ positive.
+
 2016-12-20 Werner Lemberg
 [base] More sanity checks for Mac resources.
diff --git a/src/base/ftobjs.c b/src/base/ftobjs.c
index 233c13c46..09cfe7aa4 100644
--- a/src/base/ftobjs.c
+++ b/src/base/ftobjs.c
@@ -1842,7 +1842,7 @@
 if ( FT_READ_LONG( rlen ) )
 goto Exit;
- if ( rlen == -1 )
+ if ( rlen < 1 )
 return FT_THROW( Cannot_Open_Resource );
 if ( (FT_ULong)rlen > FT_MAC_RFORK_MAX_LEN )
 return FT_THROW( Invalid_Offset );
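Review bot: The tightened guard `if ( rlen < 1 )` in the `src/base/ftobjs.c` hunk has no comment saying that `rlen` is a signed length read straight from the font file by `FT_READ_LONG`, so the reason zero and every negative value must be rejected before the `(FT_ULong)rlen` cast in the next check is left implicit. I would add `/* `rlen' comes from the file; reject zero and negative lengths before it is cast to unsigned */` directly above it. The upper bound in this hunk is only the constant `FT_MAC_RFORK_MAX_LEN`; whether `rlen` is also compared with the bytes actually remaining in the stream cannot be seen here, and is worth confirming wherever the length is consumed. The enclosing `Mac_Read_sfnt_Resource` starts and ends outside the hunk.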