diff --git a/ChangeLog b/ChangeLog
index 1f48e2493..164aa6b28 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,12 @@
+2014-02-28  Dave Arnold  <darnold@adobe.com>
+
+	[cff] Fix Savannah bug #41697, part 2.
+
+	* src/cff/cf2ft.c (cf2_initLocalRegionBuffer,
+	cf2_initGlobalRegionBuffer): It is possible for a charstring to call
+	a subroutine if no subroutines exist.  This is an error but should
+	not trigger an assert.  Split the assert to account for this.
+
 2014-02-28  Dave Arnold  <darnold@adobe.com>
 
 	[cff] Fix Savannah bug #41697, part 1.
diff --git a/src/cff/cf2ft.c b/src/cff/cf2ft.c
index df5f8fbfb..82bac75a9 100644
--- a/src/cff/cf2ft.c
+++ b/src/cff/cf2ft.c
@@ -521,7 +521,7 @@
                               CF2_UInt      idx,
                               CF2_Buffer    buf )
   {
-    FT_ASSERT( decoder && decoder->globals );
+    FT_ASSERT( decoder );
 
     FT_ZERO( buf );
 
@@ -529,6 +529,8 @@
     if ( idx >= decoder->num_globals )
       return TRUE;     /* error */
 
+    FT_ASSERT( decoder->globals );
+
     buf->start =
     buf->ptr   = decoder->globals[idx];
     buf->end   = decoder->globals[idx + 1];
@@ -594,7 +596,7 @@
                              CF2_UInt      idx,
                              CF2_Buffer    buf )
   {
-    FT_ASSERT( decoder && decoder->locals );
+    FT_ASSERT( decoder );
 
     FT_ZERO( buf );
 
@@ -602,6 +604,8 @@
     if ( idx >= decoder->num_locals )
       return TRUE;     /* error */
 
+    FT_ASSERT( decoder->locals );
+
     buf->start =
     buf->ptr   = decoder->locals[idx];
     buf->end   = decoder->locals[idx + 1];