--- freetype-2.1.9/src/pcf/pcfread.c.strlen	2006-06-27 10:21:38.000000000 -0400
+++ freetype-2.1.9/src/pcf/pcfread.c	2006-06-27 10:24:20.000000000 -0400
@@ -438,6 +438,14 @@
 
     for ( i = 0; i < nprops; i++ )
     {
+      /* 2006:0500 (mbarnes) - Detect invalid string length.
+       * XXX Is this is best error code to return? */
+      if ( props[i].name < 0 )
+      {
+        error = FT_Err_Invalid_File_Format;
+        goto Bail;
+      }
+
       /* XXX: make atom */
       if ( FT_NEW_ARRAY( properties[i].name,
                          ft_strlen( strings + props[i].name ) + 1 ) )
@@ -450,6 +458,14 @@
 
       if ( props[i].isString )
       {
+	/* 2006:0500 (mbarnes) - Detect invalid string length.
+         * XXX Is this the best error code to return? */
+        if ( props[i].value < 0 )
+        {
+          error = FT_Err_Invalid_File_Format;
+          goto Bail;
+        }
+
         if ( FT_NEW_ARRAY( properties[i].value.atom,
                            ft_strlen( strings + props[i].value ) + 1 ) )
           goto Bail;