From 577414030a14219723d0536fb1a349174508062b Mon Sep 17 00:00:00 2001
From: Werner Lemberg <wl@gnu.org>
Date: Sat, 22 Oct 2016 18:34:48 +0200
Subject: [PATCH] [sfnt] Improve handling of invalid post 2.5 tables [#49393].

* src/sfnt/ttpost.c (load_format_25): We need at least a single
table entry.
---
 ChangeLog         | 7 +++++++
 src/sfnt/ttpost.c | 4 +++-
 2 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/ChangeLog b/ChangeLog
index 6b54ef04d..3b12c2049 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,10 @@
+2016-10-22  Werner Lemberg  <wl@gnu.org>
+
+	[sfnt] Improve handling of invalid post 2.5 tables [#49393].
+
+	* src/sfnt/ttpost.c (load_format_25): We need at least a single
+	table entry.
+
 2016-10-14  Werner Lemberg  <wl@gnu.org>
 
 	[truetype] Fix handling of `cvar' table data.
diff --git a/src/sfnt/ttpost.c b/src/sfnt/ttpost.c
index 3277f1ec4..ef81e63a3 100644
--- a/src/sfnt/ttpost.c
+++ b/src/sfnt/ttpost.c
@@ -326,7 +326,9 @@
       goto Exit;
 
     /* check the number of glyphs */
-    if ( num_glyphs > face->max_profile.numGlyphs || num_glyphs > 258 )
+    if ( num_glyphs > face->max_profile.numGlyphs ||
+         num_glyphs > 258                         ||
+         num_glyphs < 1                           )
     {
       error = FT_THROW( Invalid_File_Format );
       goto Exit;