From ef1eba75187adfac750f326b563fe543dd5ff4e6 Mon Sep 17 00:00:00 2001
From: Werner Lemberg <wl@gnu.org>
Date: Thu, 6 Nov 2014 23:25:05 +0100
Subject: [PATCH] Fix Savannah bug #43548.

* src/pcf/pcfread (pcf_get_encodings): Add sanity checks for row and
column values.
---
 ChangeLog         | 7 +++++++
 src/pcf/pcfread.c | 9 +++++++++
 2 files changed, 16 insertions(+)

diff --git a/ChangeLog b/ChangeLog
index 9b56e9136..d709e41ca 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,10 @@
+2014-11-06  Werner Lemberg  <wl@gnu.org>
+
+	Fix Savannah bug #43548.
+
+	* src/pcf/pcfread (pcf_get_encodings): Add sanity checks for row and
+	column values.
+
 2014-11-06  Werner Lemberg  <wl@gnu.org>
 
 	Fix Savannah bug #43547.
diff --git a/src/pcf/pcfread.c b/src/pcf/pcfread.c
index 8db31bda0..668c9626e 100644
--- a/src/pcf/pcfread.c
+++ b/src/pcf/pcfread.c
@@ -830,6 +830,15 @@ THE SOFTWARE.
     if ( !PCF_FORMAT_MATCH( format, PCF_DEFAULT_FORMAT ) )
       return FT_THROW( Invalid_File_Format );
 
+    /* sanity checks */
+    if ( firstCol < 0       ||
+         firstCol > lastCol ||
+         lastCol  > 0xFF    ||
+         firstRow < 0       ||
+         firstRow > lastRow ||
+         lastRow  > 0xFF    )
+      return FT_THROW( Invalid_Table );
+
     FT_TRACE4(( "pdf_get_encodings:\n" ));
 
     FT_TRACE4(( "  firstCol %d, lastCol %d, firstRow %d, lastRow %d\n",