From 0e15bd11dc058d5efcdcb16436c3d8cf240859f6 Mon Sep 17 00:00:00 2001
From: YAMAMOTO Mitsuharu <mituharu@math.s.chiba-u.ac.jp>
Date: Sat, 6 Jul 2019 14:08:47 +0900
Subject: [PATCH] Avoid crash inside CFCharacterSetIsLongCharacterMember

* src/macfont.m (macfont_supports_charset_and_languages_p)
(macfont_has_char): Don't pass integers outside the Unicode codespace to
CFCharacterSetIsLongCharacterMember.
---
 src/macfont.m | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/src/macfont.m b/src/macfont.m
index f736fbf0e1e..2b7f963fd61 100644
--- a/src/macfont.m
+++ b/src/macfont.m
@@ -2076,7 +2076,7 @@ macfont_supports_charset_and_languages_p (CTFontDescriptorRef desc,
               ptrdiff_t j;
 
               for (j = 0; j < ASIZE (chars); j++)
-                if (TYPE_RANGED_FIXNUMP (UTF32Char, AREF (chars, j))
+                if (RANGED_FIXNUMP (0, AREF (chars, j), MAX_UNICODE_CHAR)
                     && CFCharacterSetIsLongCharacterMember (desc_charset,
                                                             XFIXNAT (AREF (chars, j))))
                   break;
@@ -2710,6 +2710,9 @@ macfont_has_char (Lisp_Object font, int c)
   int result;
   CFCharacterSetRef charset;
 
+  if (c < 0 || c > MAX_UNICODE_CHAR)
+    return false;
+
   block_input ();
   if (FONT_ENTITY_P (font))
     {
-- 
2.39.2