From d47d372c96d445a30b7d7a26be00d60ffa878e6d Mon Sep 17 00:00:00 2001
From: Werner Lemberg <wl@gnu.org>
Date: Tue, 20 Oct 2015 12:24:36 +0200
Subject: [PATCH] [cid] Avoid segfault with malformed input (#46250).

* src/cid/cidload.c (cid_read_subrs): Return a proper error code for
unsorted offsets.
---
 ChangeLog         | 7 +++++++
 src/cid/cidload.c | 4 ++++
 2 files changed, 11 insertions(+)

diff --git a/ChangeLog b/ChangeLog
index 97e8b08c7..85dcfb03c 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,10 @@
+2015-10-20  Werner Lemberg  <wl@gnu.org>
+
+	[cid] Avoid segfault with malformed input (#46250).
+
+	* src/cid/cidload.c (cid_read_subrs): Return a proper error code for
+	unsorted offsets.
+
 2015-10-20  StudioEtrange  <nomorgan@gmail.com>
 
 	* CMakeLists.txt: Enable shared library builds on MinGW (#46233).
diff --git a/src/cid/cidload.c b/src/cid/cidload.c
index c579c1466..0bf73d40c 100644
--- a/src/cid/cidload.c
+++ b/src/cid/cidload.c
@@ -484,7 +484,11 @@
       /* offsets must be ordered */
       for ( count = 1; count <= num_subrs; count++ )
         if ( offsets[count - 1] > offsets[count] )
+        {
+          FT_TRACE1(( "cid_read_subrs: offsets are not ordered\n" ));
+          error = FT_THROW( Syntax_Error );
           goto Fail;
+        }
 
       /* now, compute the size of subrs charstrings, */
       /* allocate, and read them                     */