From 78961f27f831cb61b87243ce0fdada411857f104 Mon Sep 17 00:00:00 2001
From: Chuck Walbourn <chuckw@microsoft.com>
Date: Mon, 20 Apr 2026 17:49:54 -0700
Subject: [PATCH] Add extra validation to spritefont loader

---
 Src/SpriteFont.cpp | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/Src/SpriteFont.cpp b/Src/SpriteFont.cpp
index da8d3d71..5af530f4 100644
--- a/Src/SpriteFont.cpp
+++ b/Src/SpriteFont.cpp
@@ -142,6 +142,18 @@ SpriteFont::Impl::Impl(
     auto textureStride = reader->Read<uint32_t>();
     auto textureRows = reader->Read<uint32_t>();
 
+    if (!textureWidth
+        || !textureHeight
+        || !textureStride
+        || !textureRows
+        || (textureWidth > D3D11_REQ_TEXTURE2D_U_OR_V_DIMENSION)
+        || (textureHeight > D3D11_REQ_TEXTURE2D_U_OR_V_DIMENSION)
+        || LoaderHelpers::BitsPerPixel(textureFormat) == 0)
+    {
+        DebugTrace("ERROR: SpriteFont provided with an invalid .spritefont file\n");
+        throw std::runtime_error("Invalid .spritefont file");
+    }
+
     const uint64_t dataSize = uint64_t(textureStride) * uint64_t(textureRows);
     if (dataSize > UINT32_MAX)
     {