From 410e3b92ea2258a01ca6054c399d8cc9e5ea4e98 Mon Sep 17 00:00:00 2001
From: Michael R Sweet <msweet@msweet.org>
Date: Wed, 27 Aug 2025 11:21:16 -0400
Subject: [PATCH] Add underflow detection to TTF cmap code.

---
 CHANGES.md | 6 ++++++
 ttf.c      | 2 +-
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/CHANGES.md b/CHANGES.md
index 604e6fe..6d76567 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -2,6 +2,12 @@ Changes in PDFio
 ================
 
 
+v1.5.5 - YYYY-MM-DD
+-------------------
+
+- Fixed TTF cmap underflow error.
+
+
 v1.5.4 - 2025-08-26
 -------------------
 
diff --git a/ttf.c b/ttf.c
index 8cabc7e..6b314b2 100644
--- a/ttf.c
+++ b/ttf.c
@@ -1205,7 +1205,7 @@ read_cmap(ttf_t *font)			// I - Font
 
           /* language = */ read_ushort(font);
 
-          if (length > (256 + 6))
+          if (length > (256 + 6) || length < 7)
           {
 	    errorf(font, "Bad cmap table length at offset %u.", coffset);
 	    return (false);