kc3-lang/freetype

diff --git a/ChangeLog b/ChangeLog
index 2031ae9..a982efb 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,18 @@
 2010-09-19  suzuki toshiya  <mpsuzuki@hiroshima-u.ac.jp>
 
+	[cff] Correct `max_cid' from CID array length to max CID.
+	See Savannah bug #30975.
+
+	* src/cff/cffload.c (cff_charset_compute_cids): Don't increment
+	max_cid after detecting max CID.  The array CFF_Charset->cids
+	is allocated by max_cid + 1.
+	(cff_charset_cid_to_gindex): Permit CID is less than or equal
+	to CFF_Charset->max_cid.
+	* src/cff/cffobjs.c (cff_face_init): FT_Face->num_glyphs is
+	calculated as CFF_Charset->max_cid + 1.
+
+2010-09-19  suzuki toshiya  <mpsuzuki@hiroshima-u.ac.jp>
+
 	[truetype] Sanitize the broken offsets in `loca'.
 
 	* src/truetype/ttpload.c (tt_face_get_location): If `pos1', the
diff --git a/src/cff/cffload.c b/src/cff/cffload.c
index 60c5adb..27ee094 100644
--- a/src/cff/cffload.c
+++ b/src/cff/cffload.c
@@ -781,9 +781,8 @@
     for ( i = 0; i < num_glyphs; i++ )
       if ( charset->sids[i] > max_cid )
         max_cid = charset->sids[i];
-    max_cid++;
 
-    if ( FT_NEW_ARRAY( charset->cids, max_cid ) )
+    if ( FT_NEW_ARRAY( charset->cids, max_cid + 1 ) )
       goto Exit;
 
     /* When multiple GIDs map to the same CID, we choose the lowest */
@@ -807,7 +806,7 @@
     FT_UInt  result = 0;
 
 
-    if ( cid < charset->max_cid )
+    if ( cid <= charset->max_cid )
       result = charset->cids[cid];
 
     return result;
diff --git a/src/cff/cffobjs.c b/src/cff/cffobjs.c
index f8b07c3..1cd35c9 100644
--- a/src/cff/cffobjs.c
+++ b/src/cff/cffobjs.c
@@ -677,7 +677,7 @@
 
         /* compute number of glyphs */
         if ( dict->cid_registry != 0xFFFFU )
-          cffface->num_glyphs = cff->charset.max_cid;
+          cffface->num_glyphs = cff->charset.max_cid + 1;
         else
           cffface->num_glyphs = cff->charstrings_index.count;