diff --git a/ChangeLog b/ChangeLog
index 9df283ae6..5ed769fa4 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,10 @@
+2012-09-17  Werner Lemberg  <wl@gnu.org>
+
+	Fix Savannah bug #37350.
+
+	* src/type1/t1parse.c (T1_Get_Private_Dict) <found>: Check for ASCII
+	storage only if we actually have at least four bytes.
+
 2012-09-15  Werner Lemberg  <wl@gnu.org>
 
 	[autofit] Implement `fallback-script' property.
diff --git a/src/type1/t1parse.c b/src/type1/t1parse.c
index 495527962..1ba48c13c 100644
--- a/src/type1/t1parse.c
+++ b/src/type1/t1parse.c
@@ -441,7 +441,8 @@
       /* the `eexec' keyword); if they all are hexadecimal digits, then   */
       /* we have a case of ASCII storage                                  */
 
-      if ( ft_isxdigit( cur[0] ) && ft_isxdigit( cur[1] ) &&
+      if ( cur + 3 < limit                                &&
+           ft_isxdigit( cur[0] ) && ft_isxdigit( cur[1] ) &&
            ft_isxdigit( cur[2] ) && ft_isxdigit( cur[3] ) )
       {
         /* ASCII hexadecimal encoding */