From 7d600a022e1d813e85a8c94ffd395f6135872267 Mon Sep 17 00:00:00 2001
From: Alexei Podtelezhnikov
Date: Thu, 23 Apr 2026 21:54:58 -0400
Subject: [PATCH] * src/truetype/ttinterp.c (Ins_SHZ): Fix the range limit (cont'd).

Fixes https://issues.oss-fuzz.com/issues/505900175
---
 src/truetype/ttinterp.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/truetype/ttinterp.c b/src/truetype/ttinterp.c
index abb8f13aa..44400fbe2 100644
--- a/src/truetype/ttinterp.c
+++ b/src/truetype/ttinterp.c
@@ -5135,8 +5135,10 @@
 /* subtract them. */
 if ( exc->GS.gep2 == 0 )
 limit = exc->zp2.n_points;
- else
+ else if ( exc->zp2.n_points > 4U )
 limit = exc->zp2.n_points - 4U;
+ else
+ return;

 /* XXX: UNDOCUMENTED! SHZ doesn't touch the points */
 for ( i = 0; i < limit; i++ )
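Review bot: The new `else return;` branch carries no comment saying why a non-twilight zone with four or fewer points is skipped, and the comment block above it still describes only the subtraction. Because `limit` bounds the `for ( i = 0; i < limit; i++ )` loop that follows, the reason is worth recording: `exc->zp2.n_points - 4U` is unsigned arithmetic and would wrap to a very large bound when fewer than four points are present, which is presumably what the linked fuzzer report exercised. I would put a short comment on the final branch, for example `/* too few points to hold the phantoms; the unsigned subtraction would wrap */`. The early `return` also skips whatever comes after the loop; the rest of Ins_SHZ lies outside the hunk, so either confirm nothing there must still run or use `limit = 0;` in that branch to keep a single exit path.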