diff --git a/ChangeLog b/ChangeLog
index 92b090ff4..31a07f421 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -8,6 +8,26 @@
 	Don't include `rastpic.h'.
 	Define FT_DEFINE_RASTER_FUNCS.
 
+2009-07-09  suzuki toshiya  <mpsuzuki@hiroshima-u.ac.jp>
+
+	smooth: Check glyph size by width/height, instead of pitch/height.
+	Suggested by der Mouse <mouse@Rodents-Montreal.ORG>.
+
+	* src/smooth/ftsmooth.c (ft_smooth_render_generic): Improve
+	the check for too large glyph. Replace the pair of `pitch' and
+	`height' by the pair of `width' and `height'. `pitch' cannot
+	be greater than `height'. The required is checking the product
+	`pitch' * `height' <= FT_ULONG_MAX, but we use cheap checks for 
+	the realistic case only.
+
+2009-07-09  suzuki toshiya  <mpsuzuki@hiroshima-u.ac.jp>
+
+	Register 2 missing trace components, t1afm and ttbdf.
+
+	* include/freetype/internal/fttrace.h: Add FT_TRACE_DEF( t1afm )
+	and FT_TRACE_DEF( ttbdf ).  See
+	http://lists.gnu.org/archive/html/freetype-devel/2009-07/msg00013.html
+
 2009-07-09  suzuki toshiya  <mpsuzuki@hiroshima-u.ac.jp>
 
 	Register a trace component for ftgloadr.c.
@@ -20,8 +40,8 @@
 
 	Prevent the overflows by a glyph with too many points or contours.
 	The bug is reported by Boris Letocha <b.letocha@gmc.net>. See
-	http://lists.nongnu.org/archive/html/freetype-devel/2009-06/msg00031.html
-	http://lists.nongnu.org/archive/html/freetype-devel/2009-07/msg00002.html	
+	http://lists.gnu.org/archive/html/freetype-devel/2009-06/msg00031.html
+	http://lists.gnu.org/archive/html/freetype-devel/2009-07/msg00002.html	
 
 	* include/freetype/ftimage.h (FT_OUTLINE_CONTOURS_MAX,
 	FT_OUTLINE_POINTS_MAX): New macros to declare the maximum
@@ -959,7 +979,7 @@
 	Problem reported by Tavis Ormandy <taviso@google.com>.
 
 	* src/smooth/ftsmooth.c (ft_smooth_render_generic): Don't allow
-	`width' or `pitch' to be larger than 0xFFFF.
+	`pitch' or `height' to be larger than 0xFFFF.
 
 2009-03-20  Werner Lemberg  <wl@gnu.org>
 	    Tavis Ormandy <taviso@google.com>
@@ -5569,7 +5589,7 @@
 
 	`ft_validator_run' wrapping `setjmp' can cause a crash, as found by
 	Jens:
-	http://lists.nongnu.org/archive/html/freetype-devel/2006-08/msg00004.htm.
+	http://lists.gnu.org/archive/html/freetype-devel/2006-08/msg00004.htm.
 
 	* src/otvalid/otvmod.c: Replace `ft_validator_run' by `ft_setjmp'.
 	It reverts the change introduced on 2005-08-20.
@@ -5766,7 +5786,7 @@
 2006-06-24  Eugeniy Meshcheryakov  <eugen@univ.kiev.ua>
 
 	Fix two hinting bugs as reported in
-	http://lists.nongnu.org/archive/html/freetype-devel/2006-06/msg00057.html.
+	http://lists.gnu.org/archive/html/freetype-devel/2006-06/msg00057.html.
 
 	* include/freetype/internal/tttypes.h (TT_GlyphZoneRec): Add
 	`first_point' member.
diff --git a/include/freetype/internal/fttrace.h b/include/freetype/internal/fttrace.h
index a626971ca..30eb6550c 100644
--- a/include/freetype/internal/fttrace.h
+++ b/include/freetype/internal/fttrace.h
@@ -49,6 +49,7 @@ FT_TRACE_DEF( ttload )    /* basic TrueType tables   (ttload.c)   */
 FT_TRACE_DEF( ttmtx )     /* metrics-related tables  (ttmtx.c)    */
 FT_TRACE_DEF( ttpost )    /* PS table processing     (ttpost.c)   */
 FT_TRACE_DEF( ttsbit )    /* TrueType sbit handling  (ttsbit.c)   */
+FT_TRACE_DEF( ttbdf )     /* TrueType embedded BDF   (ttbdf.c)    */
 
   /* TrueType driver components */
 FT_TRACE_DEF( ttdriver )  /* TT font driver          (ttdriver.c) */
@@ -59,6 +60,7 @@ FT_TRACE_DEF( ttpload )   /* TT data/program loader  (ttpload.c)  */
 FT_TRACE_DEF( ttgxvar )   /* TrueType GX var handler (ttgxvar.c)  */
 
   /* Type 1 driver components */
+FT_TRACE_DEF( t1afm )
 FT_TRACE_DEF( t1driver )
 FT_TRACE_DEF( t1gload )
 FT_TRACE_DEF( t1hint )
diff --git a/src/smooth/ftsmooth.c b/src/smooth/ftsmooth.c
index f0b0513a4..a47c97a22 100644
--- a/src/smooth/ftsmooth.c
+++ b/src/smooth/ftsmooth.c
@@ -196,7 +196,9 @@
 
 #endif
 
-    if ( pitch > 0xFFFF || height > 0xFFFF )
+    /* Required check is ( pitch * height < FT_ULONG_MAX ),     */
+    /* but we care realistic cases only. Always pitch <= width. */
+    if ( width > 0xFFFFU || height > 0xFFFFU )
     {
       FT_ERROR(( "ft_smooth_render_generic: glyph too large: %d x %d\n",
                  width, height ));