From b6bcd2177f72bb4842c7701d7b7f633bb3fc951a Mon Sep 17 00:00:00 2001
From: Alexei Podtelezhnikov <apodtele@gmail.com>
Date: Sun, 3 May 2026 13:21:19 -0400
Subject: [PATCH] * src/base/ftbitmap.c (FT_Bitmap_Blend): Check final
 dimensions.

Fixes #1413.
---
 src/base/ftbitmap.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/src/base/ftbitmap.c b/src/base/ftbitmap.c
index 047f2577a..171bbe706 100644
--- a/src/base/ftbitmap.c
+++ b/src/base/ftbitmap.c
@@ -838,6 +838,14 @@
       fbx.yMin = FT_MIN( sbx.yMin, tbx.yMin );
       fbx.xMax = FT_MAX( sbx.xMax, tbx.xMax );
       fbx.yMax = FT_MAX( sbx.yMax, tbx.yMax );
+
+      /* sanity check */
+      if ( fbx.xMin < -0x10000 || fbx.xMax >= 0x10000 ||
+           fbx.yMin < -0x10000 || fbx.yMax >= 0x10000 )
+      {
+        FT_TRACE5(( "FT_Bitmap_Blend: final dimension overflow\n" ));
+        return FT_THROW( Invalid_Argument );
+      }
     }
     else
       fbx = sbx;