File fontforge-CVE-2025-15279-part02_720ea950.patch of Package fontforge

From 720ea95020c964202928afd2e93b0f5fac11027e Mon Sep 17 00:00:00 2001
From: Ahmet Furkan Kavraz
 <55850855+ahmetfurkankavraz@users.noreply.github.com>
Date: Mon, 12 Jan 2026 22:45:16 +0100
Subject: [PATCH] Fix CVE-2025-15279: Move bounds check inside cnt >= 3 block
 (#5723)

Co-authored-by: Ahmet Furkan Kavraz <kavraz@amazon.com>
---
 gutils/gimagereadbmp.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/gutils/gimagereadbmp.c b/gutils/gimagereadbmp.c
index 133336787..ad365158c 100644
--- a/gutils/gimagereadbmp.c
+++ b/gutils/gimagereadbmp.c
@@ -190,10 +190,10 @@ static int readpixels(FILE *file,struct bmpheader *head) {
 		    head->byte_pixels[ii++] = ch;
 	    } else {
 		cnt = getc(file);
-		if (cnt < 0 || ii + cnt > head->height * head->width) {
-		    return 0;
-		}
 		if ( cnt>= 3 ) {
+		    if (ii + cnt > head->height * head->width) {
+			return 0;
+		    }
 		    int odd = cnt&1;
 		    while ( --cnt>=0 )
 			head->byte_pixels[ii++] = getc(file);
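Review bot: Moving the bounds check inside the `cnt>= 3` block also drops the old `cnt < 0` test, so an EOF returned by `cnt = getc(file)` is no longer rejected at this point and falls through to the handling for counts below 3. That handling lies outside this hunk, so whether it copes with -1 cannot be confirmed from here. Restoring `if ( cnt<0 ) return 0;` directly after the `getc` call would keep truncated input from reaching it. The copy loop also stores `getc(file)` without an EOF test, so a short file fills the rest of the run with 0xFF bytes instead of failing. Separately, if `height` and `width` are plain `int` fields taken from the file header, `head->height * head->width` may overflow before the comparison, so computing the limit once in a wider type would be safer.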
-- 
2.49.0
