From c169022972d82ee0da4812e77aa8f560d173fcd7 Mon Sep 17 00:00:00 2001
From: Fredrick Brennan <copypaste@kittens.ph>
Date: Tue, 21 Jan 2020 15:16:00 +0800
Subject: [PATCH] Fix crash on exit introduced in previous commit

When the number of layers is greater than 2, as in Chomsky.sfd and most
of my other fonts, FontForge will crash on exiting.

This is just a simple mistake @skef made.

CVE: CVE-2020-25690 CVE-2020-5395 CVE-2020-5496
Upstream-Status: Backport [https://github.com/fontforge/fontforge/commit/b96273acc691ac8a36c6a8dd4de8e6edd7eaae59]
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
---
 fontforge/sfd.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/fontforge/sfd.c b/fontforge/sfd.c
index cdce0b08a..132f9fa0c 100644
--- a/fontforge/sfd.c
+++ b/fontforge/sfd.c
@@ -7998,9 +7998,9 @@ bool SFD_GetFontMetaData( FILE *sfd,
 	int layer_cnt_tmp;
 	getint(sfd,&layer_cnt_tmp);
 	if ( layer_cnt_tmp>2 ) {
+	    sf->layer_cnt = layer_cnt_tmp;
 	    sf->layers = realloc(sf->layers,sf->layer_cnt*sizeof(LayerInfo));
 	    memset(sf->layers+2,0,(sf->layer_cnt-2)*sizeof(LayerInfo));
-	    sf->layer_cnt = layer_cnt_tmp;
 	}
     }
     else if ( strmatch(tok,"Layer:")==0 )