diff --git a/CHANGES.md b/CHANGES.md
index 735ee58..cf9ae67 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -13,6 +13,7 @@ v1.5.0 - YYYY-MM-DD
 - Added support for writing the PCLm subset of PDF (Issue #99)
 - Now support opening damaged PDF files (Issue #45)
 - Updated the pdf2txt example to support font encodings.
+- Fixed a potential heap overflow in the TrueType font code.
 v1.4.1 - 2025-01-24
diff --git a/ttf.c b/ttf.c
index cf5b5f6..896e695 100644
--- a/ttf.c
+++ b/ttf.c
@@ -3,7 +3,7 @@
 //
 // https://github.com/michaelrsweet/ttf
 //
-// Copyright © 2018-2024 by Michael R Sweet.
+// Copyright © 2018-2025 by Michael R Sweet.
 //
 // Licensed under Apache License v2.0. See the file "LICENSE" for more
 // information.
@@ -1460,7 +1460,7 @@ read_cmap(ttf_t *font) // I - Font
 // array...
 for (gidx = 0, group = groups; gidx < nGroups; gidx ++, group ++)
 {
- for (ch = group->startCharCode; ch <= group->endCharCode && ch < TTF_FONT_MAX_CHAR; ch ++)
+ for (ch = group->startCharCode; ch <= group->endCharCode && ch < font->num_cmap; ch ++)
 cmapptr[ch] = (int)(group->startGlyphID + ch - group->startCharCode);
 }
@@ -1551,7 +1551,7 @@ read_cmap(ttf_t *font) // I - Font
 // array...
 for (gidx = 0, group = groups; gidx < nGroups; gidx ++, group ++)
 {
- for (ch = group->startCharCode; ch <= group->endCharCode && ch < TTF_FONT_MAX_CHAR; ch ++)
+ for (ch = group->startCharCode; ch <= group->endCharCode && ch < font->num_cmap; ch ++)
 cmapptr[ch] = (int)group->glyphID;
 }
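Review bot: The new `ch < font->num_cmap` guard in the `startGlyphID` copy loop (`@@ -1460,7 +1460,7 @@`) stops the out-of-range write, but it silently truncates any group whose range extends past the table, so a malformed font still loads with a partial mapping and no diagnostic. The guard is only sufficient if `cmapptr` was allocated with exactly `font->num_cmap` entries; that allocation is outside the hunk, so I would state the invariant beside the loop, e.g. `// cmapptr has font->num_cmap entries; group ranges come from the file and are clamped here`. It may also be worth rejecting or reporting a group with `endCharCode >= font->num_cmap` (or `startCharCode > endCharCode`) at the point where the groups are read, rather than only clamping at the write. The same applies to the `group->glyphID` loop at `@@ -1551,7 +1551,7 @@`. read_cmap starts and ends outside both hunks, so the declared type of `ch` and the derivation of `num_cmap` should be confirmed there.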