From 6d3cc91c8ca999d15df713ee604b92bb294822d8 Mon Sep 17 00:00:00 2001
From: Marek Kasik <mkasik@redhat.com>
Date: Wed, 1 Jun 2022 09:58:23 +0200
Subject: [PATCH] Guard face->size

Resolves: #2079280
---
 freetype-2.10.4-guard-face-size.patch | 27 +++++++++++++++++++++++++++
 freetype.spec                         | 10 +++++++++-
 2 files changed, 36 insertions(+), 1 deletion(-)
 create mode 100644 freetype-2.10.4-guard-face-size.patch

diff --git a/freetype-2.10.4-guard-face-size.patch b/freetype-2.10.4-guard-face-size.patch
new file mode 100644
index 0000000..8a447ae
--- /dev/null
+++ b/freetype-2.10.4-guard-face-size.patch
@@ -0,0 +1,27 @@
+From 0c2bdb01a2e1d24a3e592377a6d0822856e10df2 Mon Sep 17 00:00:00 2001
+From: Werner Lemberg <wl@gnu.org>
+Date: Sat, 19 Mar 2022 09:37:28 +0100
+Subject: [PATCH] * src/base/ftobjs.c (FT_Request_Size): Guard `face->size`.
+
+Fixes #1140.
+---
+ src/base/ftobjs.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/src/base/ftobjs.c b/src/base/ftobjs.c
+index 6492a1517..282c9121a 100644
+--- a/src/base/ftobjs.c
++++ b/src/base/ftobjs.c
+@@ -3409,6 +3409,9 @@
+     if ( !face )
+       return FT_THROW( Invalid_Face_Handle );
+ 
++    if ( !face->size )
++      return FT_THROW( Invalid_Size_Handle );
++
+     if ( !req || req->width < 0 || req->height < 0 ||
+          req->type >= FT_SIZE_REQUEST_TYPE_MAX )
+       return FT_THROW( Invalid_Argument );
+-- 
+2.35.1
+
diff --git a/freetype.spec b/freetype.spec
index cde8c81..54d9458 100644
--- a/freetype.spec
+++ b/freetype.spec
@@ -4,7 +4,7 @@
 Summary: A free and portable font rendering engine
 Name: freetype
 Version: 2.10.4
-Release: 8%{?dist}
+Release: 9%{?dist}
 License: (FTL or GPLv2+) and BSD and MIT and Public Domain and zlib with acknowledgement
 URL: http://www.freetype.org
 Source:  http://download.savannah.gnu.org/releases/freetype/freetype-%{version}.tar.xz
@@ -38,6 +38,9 @@ Patch9:  freetype-2.10.4-avoid-invalid-face-index.patch
 # https://bugzilla.redhat.com/show_bug.cgi?id=2077991
 Patch10: freetype-2.10.4-properly-guard-face_index.patch
 
+# https://bugzilla.redhat.com/show_bug.cgi?id=2077985
+Patch11: freetype-2.10.4-guard-face-size.patch
+
 BuildRequires:  gcc
 BuildRequires: libX11-devel
 BuildRequires: libpng-devel
@@ -104,6 +107,7 @@ popd
 %patch8 -p1 -b .covscan
 %patch9 -p1 -b .avoid-invalid-face-index
 %patch10 -p1 -b .properly-guard-face_index
+%patch11 -p1 -b .guard-face-size
 
 %build
 
@@ -245,6 +249,10 @@ rm -f $RPM_BUILD_ROOT%{_libdir}/*.{a,la}
 %{_mandir}/man1/*
 
 %changelog
+* Tue May 31 2022 Marek Kasik <mkasik@redhat.com> - 2.10.4-9
+- Guard face->size
+- Resolves: #2079280
+
 * Mon May 30 2022 Marek Kasik <mkasik@redhat.com> - 2.10.4-8
 - Properly guard "face_index"
 - Resolves: #2079262