From 0fc8debeb6c2f6a8a9a2b97332a7c8a0a1bd9e85 Mon Sep 17 00:00:00 2001
From: Werner Lemberg <wl@gnu.org>
Date: Fri, 2 Mar 2012 16:09:51 +0100
Subject: [PATCH] [truetype] Fix Savannah bug #35689.

* src/truetype/ttgload.c (TT_Load_Simple_Glyph): Check first outline
point.
---
 ChangeLog              | 7 +++++++
 src/truetype/ttgload.c | 7 +++++--
 2 files changed, 12 insertions(+), 2 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 2dc9673d1..332468930 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,10 @@
+2012-03-02  Werner Lemberg  <wl@gnu.org>
+
+	[truetype] Fix Savannah bug #35689.
+
+	* src/truetype/ttgload.c (TT_Load_Simple_Glyph): Check first outline
+	point.
+
 2012-03-01  Werner Lemberg  <wl@gnu.org>
 
 	[bdf] Fix Savannah bug #35656.
diff --git a/src/truetype/ttgload.c b/src/truetype/ttgload.c
index fb801d0ea..ce8c8887b 100644
--- a/src/truetype/ttgload.c
+++ b/src/truetype/ttgload.c
@@ -362,14 +362,17 @@
     if ( n_contours >= 0xFFF || p + ( n_contours + 1 ) * 2 > limit )
       goto Invalid_Outline;
 
-    prev_cont = FT_NEXT_USHORT( p );
+    prev_cont = FT_NEXT_SHORT( p );
 
     if ( n_contours > 0 )
       cont[0] = prev_cont;
 
+    if ( prev_cont < 0 )
+      goto Invalid_Outline;
+
     for ( cont++; cont < cont_limit; cont++ )
     {
-      cont[0] = FT_NEXT_USHORT( p );
+      cont[0] = FT_NEXT_SHORT( p );
       if ( cont[0] <= prev_cont )
       {
         /* unordered contours: this is invalid */