File fontforge-CVE-2025-15279.patch of Package fontforge

From 7d67700cf8888e0bb37b453ad54ed932c8587073 Mon Sep 17 00:00:00 2001
From: Ahmet Furkan Kavraz
 <55850855+ahmetfurkankavraz@users.noreply.github.com>
Date: Thu, 8 Jan 2026 15:47:43 +0100
Subject: [PATCH] Fix CVE-2025-15279: Heap buffer overflow in BMP RLE
 decompression (#5720)

CVSS: 7.8 (High)
ZDI-CAN-27517
Co-authored-by: Ahmet Furkan Kavraz <kavraz@amazon.com>
---
 gutils/gimagereadbmp.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/gutils/gimagereadbmp.c b/gutils/gimagereadbmp.c
index 5a137e28a..133336787 100644
--- a/gutils/gimagereadbmp.c
+++ b/gutils/gimagereadbmp.c
@@ -181,12 +181,18 @@ static int readpixels(FILE *file,struct bmpheader *head) {
 	int ii = 0;
 	while ( ii<head->height*head->width ) {
 	    int cnt = getc(file);
+	    if (cnt < 0 || ii + cnt > head->height * head->width) {
+		return 0;
+	    }
 	    if ( cnt!=0 ) {
 		int ch = getc(file);
 		while ( --cnt>=0 )
 		    head->byte_pixels[ii++] = ch;
 	    } else {
 		cnt = getc(file);
+		if (cnt < 0 || ii + cnt > head->height * head->width) {
+		    return 0;
+		}
 		if ( cnt>= 3 ) {
 		    int odd = cnt&1;
 		    while ( --cnt>=0 )
-- 
2.49.0