From 359b65298ee1efcbbfa53605e6d3f13e17c99a63 Mon Sep 17 00:00:00 2001
From: Michael R Sweet <msweet@msweet.org>
Date: Wed, 27 Aug 2025 11:19:35 -0400
Subject: [PATCH] Add underflow detection to TTF cmap code.

---
 CHANGES.md | 6 ++++++
 ttf.c      | 2 +-
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/CHANGES.md b/CHANGES.md
index 44aa183..ada3cb0 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -21,6 +21,12 @@ v1.6.0 - YYYY-MM-DD
   (Issue #104)
 
 
+v1.5.5 - YYYY-MM-DD
+-------------------
+
+- Fixed TTF cmap underflow error.
+
+
 v1.5.4 - 2025-08-26
 -------------------
 
diff --git a/ttf.c b/ttf.c
index 4995479..61efaab 100644
--- a/ttf.c
+++ b/ttf.c
@@ -1379,7 +1379,7 @@ read_cmap(ttf_t *font)			// I - Font
 
           /* language = */ read_ushort(font);
 
-          if (length > (256 + 6))
+          if (length > (256 + 6) || length < 7)
           {
 	    errorf(font, "Bad cmap table length at offset %u.", coffset);
 	    return (false);