diff --git a/dix/dixfonts.c b/dix/dixfonts.c
index 4fdb60699..b7eb09f38 100644
--- a/dix/dixfonts.c
+++ b/dix/dixfonts.c
@@ -670,6 +670,10 @@ doListFontsAndAliases(ClientPtr client, LFclosurePtr c)
                  * is BadFontName, indicating the alias resolution
                  * is complete.
                  */
+                if (resolvedlen > XLFDMAXFONTNAMELEN) {
+                    err = BadFontName;
+                    goto ContBadFontName;
+                }
                 memcpy(tmp_pattern, resolved, resolvedlen);
                 if (c->haveSaved) {
                     char *tmpname;
@@ -932,6 +936,10 @@ doListFontsWithInfo(ClientPtr client, LFWIclosurePtr c)
                 memcpy(c->savedName, name, namelen + 1);
                 aliascount = 20;
             }
+            if (namelen > XLFDMAXFONTNAMELEN) {
+                err = BadFontName;
+                goto ContBadFontName;
+            }
             memmove(c->current.pattern, name, namelen);
             c->current.patlen = namelen;
             c->current.max_names = 1;
diff --git a/include/closestr.h b/include/closestr.h
index 60e6f09bc..7567ac6ea 100644
--- a/include/closestr.h
+++ b/include/closestr.h
@@ -57,7 +57,12 @@ typedef struct _OFclosure {
 
 /* ListFontsWithInfo */
 
-#define XLFDMAXFONTNAMELEN	256
+/* libXfont2 allows font names/aliases up to MAXFONTNAMELEN (1024) bytes in
+ * fonts.alias files.  The server's pattern buffers must be large enough to
+ * hold resolved alias targets returned by the font library.
+ * ZDI-CAN-30136
+ */
+#define XLFDMAXFONTNAMELEN	1024
 typedef struct _LFWIstate {
     char pattern[XLFDMAXFONTNAMELEN];
     int patlen;