diff --git a/ChangeLog b/ChangeLog
index 7dac7a2c1..86a581845 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+2017-03-17 Dave Arnold
+
+ [cff] Fix CFF2 stack allocation.
+
+ * src/cff/cffparse.c (cff_parser_init) add 1 for operator.
+
 2017-03-16 Werner Lemberg
 * src/truetype/ttgxvar.c (tt_done_blend): Free `vvar_table'.
diff --git a/src/cff/cffload.c b/src/cff/cffload.c
index d3a2af9ad..ed93fb571 100644
--- a/src/cff/cffload.c
+++ b/src/cff/cffload.c
@@ -1890,7 +1890,8 @@
 subfont->lenNDV = lenNDV;
 subfont->NDV = NDV;
- stackSize = font->cff2 ? font->top_font.font_dict.maxstack
+ /* add 1 for the operator */
+ stackSize = font->cff2 ? font->top_font.font_dict.maxstack + 1
 : CFF_MAX_STACK_DEPTH + 1;
 if ( cff_parser_init( &parser,
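Review bot: The CFF2 arm now computes `font->top_font.font_dict.maxstack + 1`, but nothing in this hunk shows that `maxstack` has been range-checked. If that field is taken from the font's Top DICT without an upper bound (not visible here), a value at the top of its type would make the addition wrap, and `cff_parser_init` would get a stack size that is zero or far too small for the operands that follow. Please confirm the clamp exists where `maxstack` is parsed and record it at this use, e.g. `/* add 1 for the operator; maxstack is range-checked when the Top DICT is parsed */`. Separately, the ChangeLog entry names `src/cff/cffparse.c (cff_parser_init)` while the change shown is at the call site in `src/cff/cffload.c`, so the entry may need correcting. The enclosing function starts and ends outside the hunk.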