$NetBSD: patch-CVE-2017-7475,v 1.1 2017/09/28 00:57:25 spz Exp $

from https://bugs.freedesktop.org/attachment.cgi?id=131213

--- src/cairo-ft-font.c.orig	2017-06-15 22:13:55.000000000 +0000
+++ src/cairo-ft-font.c
@@ -1146,7 +1146,7 @@ _get_bitmap_surface (FT_Bitmap		     *bi
     width = bitmap->width;
     height = bitmap->rows;
 
-    if (width == 0 || height == 0) {
+    if (width == 0 || height == 0 || bitmap->buffer == NULL) {
 	*surface = (cairo_image_surface_t *)
 	    cairo_image_surface_create_for_data (NULL, format, 0, 0, 0);
 	return (*surface)->base.status;
