[cff] Fix CFF2 stack allocation.

* src/cff/cffparse.c (cff_parser_init) add 1 for operator.

ChangeLog

@@ -1,3 +1,9 @@
+2017-03-17  Dave Arnold <darnold@adobe.com>
+
+	[cff] Fix CFF2 stack allocation.
+
+	* src/cff/cffparse.c (cff_parser_init) add 1 for operator.
+
 2017-03-16  Werner Lemberg  <wl@gnu.org>
 
 	* src/truetype/ttgxvar.c (tt_done_blend): Free `vvar_table'.

src/cff/cffload.c

@@ -1890,7 +1890,8 @@
     subfont->lenNDV = lenNDV;
     subfont->NDV    = NDV;
 
-    stackSize = font->cff2 ? font->top_font.font_dict.maxstack
+    /* add 1 for the operator */
+    stackSize = font->cff2 ? font->top_font.font_dict.maxstack + 1
                            : CFF_MAX_STACK_DEPTH + 1;
 
     if ( cff_parser_init( &parser,