From b98133a4e9831544fec776757b2a6745d4ebc51e Mon Sep 17 00:00:00 2001
From: Werner Lemberg
Date: Sun, 22 Jul 2018 13:06:20 +0200
Subject: [PATCH] * src/pcf/pcfread.c (pcf_get_encodings): Check index of defaultChar.

Reported as

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9527
---
 ChangeLog | 8 ++++++++
 src/pcf/pcfread.c | 8 ++++++++
 2 files changed, 16 insertions(+)

diff --git a/ChangeLog b/ChangeLog
index d442b40cb..020575cfb 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,11 @@
+2018-07-22 Werner Lemberg
+
+ * src/pcf/pcfread.c (pcf_get_encodings): Check index of defaultChar.
+
+ Reported as
+
+ https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9527
+
 2018-07-22 Werner Lemberg
 
 * src/pcf/pcfread.c (pcf_load_font): Fix number of glyphs.
diff --git a/src/pcf/pcfread.c b/src/pcf/pcfread.c
index e55b47290..a3a3dff81 100644
--- a/src/pcf/pcfread.c
+++ b/src/pcf/pcfread.c
@@ -1059,6 +1059,14 @@ THE SOFTWARE.
 else
 defaultCharEncodingOffset = FT_PEEK_USHORT_LE( pos );
 
+ if ( defaultCharEncodingOffset >= face->nmetrics )
+ {
+ FT_TRACE0(( "pcf_get_encodings:"
+ " Invalid glyph index for default character,"
+ " setting to zero\n" ));
+ defaultCharEncodingOffset = 0;
+ }
+
 if ( defaultCharEncodingOffset )
 {
 /* do the swapping */
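Review bot: The new guard `if ( defaultCharEncodingOffset >= face->nmetrics )` carries no comment saying why `face->nmetrics` is the right bound. The value is taken straight from the font stream by `FT_PEEK_USHORT_LE( pos )` and, judging by the `/* do the swapping */` block that follows, is presumably used as an index into the per-glyph metrics. A short comment above the check would tie it to that use, for example `/* offset is read from the font file; it must index an existing glyph */`. It is also worth confirming that any other encoding offsets this function reads from the same table are bounded against `face->nmetrics` before being used as glyph indices, since only the default character is covered here. pcf_get_encodings starts and ends outside the hunk, so that part cannot be checked from this page.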