From ba65f0b08ee8b93195c3f3277820771f5b62aa52 Mon Sep 17 00:00:00 2001
From: Eric Soroos <eric-github@soroos.net>
Date: Sun, 14 Mar 2021 23:26:28 +0100
Subject: [PATCH] Fix Memory DOS in ImageFont

* A corrupt or specially crafted TTF font could have font metrics that
  lead to unreasonably large sizes when rendering text in
  font. ImageFont.py did not check the image size before allocating
  memory for it.
* Found with oss-fuzz
* This dates from the PIL fork
---
 ...e8e927ba6c0d38274a37c1567560eb33baf74627.ttf | Bin 0 -> 50373 bytes
 Tests/test_imagefont.py                         |  13 +++++++++++++
 src/PIL/ImageFont.py                            |   1 +
 3 files changed, 14 insertions(+)
 create mode 100644 Tests/fonts/oom-e8e927ba6c0d38274a37c1567560eb33baf74627.ttf

diff --git a/Tests/fonts/oom-e8e927ba6c0d38274a37c1567560eb33baf74627.ttf b/Tests/fonts/oom-e8e927ba6c0d38274a37c1567560eb33baf74627.ttf
new file mode 100644
index 0000000000000000000000000000000000000000..79013251524b109bad3ec84ed9f2864f7cca6e1e
GIT binary patch
literal 50373
zcmeI52Y^)7+4s*mcgpT;ot@drvV~=Lk+Q(T?jq8gNK=}qh=LU9ARqx1M6B`ENQ@da
z#@M1pjS^#&7^7H{*rL2q6E#M$B$kkfh7e+z`F_v2bMMRomgMy-@AvNBz0dzVr#|O7
z<(_iy9Ho^~1!|LW)XI@ZPMETHLEd9Z{c{VJ&x|~3_=G2to3<*QJsV#oqoy8l`1Bdm
z|3m49p77lcKkCS-C%u1J825EbmFFHlb^3^>K73=g(p}C`%DMH(slA)e{&4DAr8Mqp
z_S|K2R{pKmj%$d!k5a)=Cof&U;FYYBdz9)lOsShEEu24RUd|+aIetIkZe55)_Q_cl
zgzpdEb>Xr#>u&8@GXefZrSgtmx?=8}@`^tmr&N56QlTf8%~`iHcxvDc+>gP3&GI?R
z=6~a?-z1fKnEYf-Ub$lRnrEN-!F@_S@s?7(f1o7q+_&z#>iQE42K`-W=N)X+b7!3J
zf``dx6ITRJ39Nz-DI>Q05ym+_xkf!6{Ce`)<O{)5Y)r13rOx5j&pfqKh3zdV**~M4
zB=G>|J9>)>Ds3(_BJFq=^$A2T+Rgk6XEO5^uc}eQRL$#$xiSP+>BYDgi66bk>;P(%
zLr&(IJt}S<=Dtw%1ACc!)M#^=YSJ^+aPz7f!#!2KPN-Ye6my<xGJjQd;x`ah-AzK(
z>v?K`{-Nr_-OD_q4wW!^lWNm9scsf$s-XFu8fcDHeaxAvo7tfHnqR1)=6uy=euDjK
z)nI<5dSmWw{S($asgAN~KdFv0TU0M+t{P-sR;}g*WLra+_rPy(FXny>{vY5h)nc})
zL#*3<YP2&MyAQZu$Njbxz70w~x2Q_|4U;&Xp~U?<x8z;&EqOs^o1Z6Dqs`AA^71Pc
z7oC8;tZX8W+#-+2;-w|=KBJoToA?vA`>byJ>z~2jhVJ^P0g@l*d{w9=-aV>N;&c8&
zTq3LJT=Fk@e@OK-S*okaLk{$yZ=npteTXZA(^EBb4+<QO&OCXD!}*6BPhdHI@4zp&
zuUiREUiDxVa9SwOe&oF$>50rsU4P;~_;t!x;*`93C}z=f<}EUNx8yx_r}8HGle?Dt
zf)p;)dy*ev-pt+2m)p~&=*+vla+Y*6Zz=Q4+bjP}x%R6Ml*4FyOF4PBC%2%~4eypZ
zl6gyg@#;)Q9=*Iu9m>3IT}ss_L!FW~=H#d<^G-?zi9_NOxp!jzGWXfY_$6+=n)bIk
zxtDt%_dDFrrclf~aqlaB%*mv^|9y&z2b$7l=;cpP?DxNIyLp7RyWj2nT@BOy=mWUT
zI@?FInyaZx7pQJh_bK=DxYtVm!@W-W7r9e);kvI3rN4MV-IJ<MH-BlAdiS2Xo7+XV
z?%kcLga370OuUPU->t*9d?89b`G@+EtuKOZJ-_5DL+LlSs&Cr<Q_#z|hi==sJJp81
zmqL%fTl!k=yHf4y&M!o_-QAq(H~xLR4ZYl^e&WaDw%;G6+VO$tw&{ygZTpMSZTD+!
zTiv44==K43O1t3x>QMT?m(?w)zU0;~LfigcSGT14o2$MMr7yZnU2XfMgP=TvxUaQi
zf<0<^O0U=0F~L35I~glrFMS#JI@_PUqtf+3#t{z_&ehB9@*Lv6+1H<2kMB$McXxhe
z==O^@r25DIGP-@J`U(9d{ir$$q%XBdAF4*c)2B*5D*dbFJ(T{nr|ZV^&GyCgKW;yJ
zcM89^AMe@UZRmfwm#6yK+dVyg5vKfK|3&E5m*V2KF7<<Zl+8SLcGI|)&YfGvH6^yq
zTosM2jYUiAlS$RaXzvKK)-<RxOkqpsDkUz-Yf>&HnJ$cDk7DGvl6qC8RDFFzLrY8l
z*0%cAlH%fcC>#uhisL1v!4k`w35m0Z3?Dv3Z-_;svBc|<a5$o?F(0<9Xy~}H<AxS3
z3lzrAiN&0WCM!ET%S?1)u!TGx)EITDxzfyJE>f*jtcy*iUv0CEw@&ZJFP8XCMChk`
z(`J2rG`31uNaFdlnG79w8floz4z;-mhP+&~w)AgkOl8W;h5k5kwnU<<MgGL=*1Umy
z-Fk581F6hOE_y-cG6t_wO(aS>jg1YhZEdZRPF-#LTsU<pzMq>*{dnSoSkx(YqOo5U
z<mTrkcG;9i&RIU~zWc-|L`UmQK01q=N|RrZpC65_k40xrUo>rO;*Zgol^a5-4N89B
zX>@w1$&?x;RhOAqw7In<+P}%vb;&oy(Rh{Vml6SAO$MhSreAZFIOQ7~Fk06oM0uC=
zGrbC8XU!i!e*Wuud5xuIgO*I0vSe^s+2AEp9*h+f#2#FE>D1cVsh6$<YodLR88b3g
zaA;*=e*7;d#|kD7e|W^?yu8GX{krK$O<O}rNkdyr;)I&khT?))Wvrm<u$is;>b9A~
zyLKHuvn}yS)A*LEf|wpvn)mI37`kmmw>P2NY}G?*XurmW280Vasmw*GmMB{4Olc|g
zG3sTyPLJ#T-QI!hP<beOa5VO<STq)&5h{=CyjXc?MjZCr@z{@a;>s(tv$7JMt<tlq
zCiQ<aT38r;v;U;3#6GdRh)JIsjSROVLkV-N?n>24k&>`iQNwOK(8c}GuoSuDoAkSh
zO*ZPGC!Nr_YS@qy6E9DX@i%?5P-^o9vFP|oeY&^gg(e(v{IsJ?!_s)XG9FKSv^E}Z
zjK|2b8c6D6Nu3r_E9EIEr%TQ)p%ibr?%A+@{f0e~<P+6ZRn<>mnzvB5Eu3$wOnLcV
z%S)rNuTfWw&DB=oEl}nA<q0L~sFxXif8s8ig~>#n_~2`0rKM%A;PVzH9$z@mL=$(E
zmH(~0RAd!R%_7da{bH25Sc_KNhFw>jYU1Y5L?0XX4xx!%j|x1hDIHLB6OEl3i%yKj
zmc*h*TXQOn@uWe|<m<!hGU_tYAQOS_NEG@(p~*Xi-pTDoj1m?`W9wqkU)Yu-TE2u>
zyJkr4%bRKk{pbX(>QRtclK6$_`Xh;TM|D+c>6~axl0)4C7S2nl`~C8=Ys5q1DH2J^
zes@Yg?aDGUYPZ$ap|ey5i1rpYa!KJ9KMOCtByoRA9-^^VUv*PxAs>xy3jMsEhKAg}
zXRV`j-J&>F!p@y5RNp3a&K#k(j_9LoE-XoGb*l||I3)Q2Plg?;mOe(h3h6vN#Yk^q
zyBSwcW@W|jRmaRYWq5fs_RUzdyr~DZ@4K<+&!v@DwTy4NK@vMH-l<bu|4NLWj_xFW
zX=&|sBn=(G!_wgVhE98Huc~e*hs$DDM{~mq28@ixu8z^5&mn5J)c^EuQ9-ouUFV2F
zi9bn#j}{jF(U!l|+zUxHvn_~{qM0RQ79<=AMJasU=E#pX5w%%KNM&-%*~ulgzDo7W
z$b)oI<iPE+Z0ue)77p3Yy0MXbB`%jVt}iUkJ}wvzW%Il}HoLgc#!qez%Px;~i<M^|
zmP$Ln@J4#D>>CStD!5fa&t4WSD2OggT<7QP4rJ-Fzbsy%`Kpw}lUGRM3uB$~9*M@R
z8FG6nt=xiFUl3<EoztI9+)D~Z4WvfgVqR0l((e5_;XhEcS1B6gfnsjyG<yB4S*MNe
z)M@l-vu3Ry-6^rQs<pLBZogjW=}qIsYJ5}TSz9~uVx2lsJKSFDd~y^2jP@T7#nQcR
zs{J=#FmK)ktD^<SbuKFE?AC;(Gd9gwdUGslioabIYl&6aT-<DPQ7JVqXqyb<9zPfI
zSPau9op!m=Kc`66O!l%;)N|rt(I0!+IW8J&i!K_kC-|AUr(t+=*Q~Z!RJYn}MQyg+
zTs=UpvSloh@gVW)PO5)PJ!#wy!mId=<131aDpnu|ZFu6!>E+d})O+cQiZ6<q%1xc(
zUE-ZSeap@FtZ_}<5947o^m*}qRY~z<wvO~ewI`82sn@0lEOwm41J^chzl)^|8T`q^
zR(hy!C5VB9^W^V}G1HgN(Pd)sZeD(V-sNMCUSYfKXl}Gn7e~fUTQq&9?MR||c||(z
zTF_o9Nq-ILOY5_Fw(3tmV(aRtn))i*01t9<QYiFWlJ1`~`lw=?mtoY#+lVW(fAXH0
zQLpe){nKroMz5PSYu)Hhwp*&|-%=HgU7688>Gvg}!~k1ZkBeDaw>Kt1Yoe{j#wN#q
zDw9HHE6=c}`q0Yt`-x9t<>8aEbF&!oeJ>Ud1bRDJSvgr*PVYd#is5ACW}g%;&yW4R
zq_(QIOlMgcc17Yj7s=T4;+%LyGk8F*ePwtk`Fkv1q#DFf#UbB^!le2ZNl+>a<54?m
z%H-3MrMlJ9QnX~o(fI`PnuD>za|<g1O-?o)P&T5K6rNL98f?xB+AeiqRz<9PtRib*
z)a*cxGiuuEFDNLcD-r>3EGUQ<URd8&qc>YAw``0uWZkG&QarAl=KIJwS^5eqo}FB@
zc@<4$Pt`E5ugrM9gu>xe)$>|GX6A}@r7gh1lF5@x3#_On+%uSym75g_^$MGIjubSG
zp-5J~>)2JKUDDK4y=+-^Q`1D@Mn_5_LuJx36vJq-nTY%HrMNRB;mIlP(*24%eTd8i
zE+cP;DC$Oi-IvXhQ@4>u)=%2gub%pWFL)DzN3wE)O(HnuQdsf;E#STAC2x@ac1iyx
zk{v7QkHv74*lb6>#3j+#0}r^`W=3KbxUE6zs#SGtzt$CYT%Cu^hy*PwH}7x1m8kU7
zVtz-OKs0t<taH9@Of|O4<DK&pZ~G&HKFO_mlT#zDSH_L*$YQ@ia-EKkl}O!TwOgmn
ziHSnDH;6gi#F1Hz)Q~{(W_`5Nosp@E#Y)^7>@?UW`|3IqV<=HzQs{&}vHg!Ti0~4&
z7qV<{Woc_S?vbaQ*R@?`MM*WReUkDDy*rh+PhJ#WhRDR$pl&mp%&+BH(-w0_AEhEu
zm^q%)&=772g`H5Sv9U`-x1~&Wj~F*3wlq*+XKIs7I6D$HlS~}8V29o?WW<OeGRM>!
z)z(I`w9bkoUb8$YjY(c*u2d&Wo=f)|t!2!6PnLo}JP2XBncey+=V1w>_n*%GAaNre
zqk0z9e9*%b#AZi}ObQ7bM^9IyC;GB_Iz_M4Y|Thb_r37})snU*6Ac=lJN1_)s0T#L
z=y9X5o)<5w;cwB!J%uY~c2H4^zi@3u?D`5gbh+xd&5=X8)^+U`Iad}YDCe?@Q>!Wi
zAuUnrP@u93nTAvD6>hm}Z%~rzxpjp*-jZSDLCgHdZeH3DIyLi_eu3&P9iRIIvw3tM
zTk;^!uy4I2E%Ik&>iX5~<vmrhMn+c6JU7yftQ`{Bd>mOLv$Dv-nti}rsb5v~FbIM=
zLT=+5VoIt_Nl9yKTdQp-;e6B3s8@9B*4pEc%JPbmf`<Nm+Io~#_ij6+TXjW6Szbd+
zp8?%<aWE7JM6$yL(Zv-d!Mt3Z6><XMpp%mwE-abrS;?A?eL6WmX0=CV%po;rwQLdw
zQua^VQCcr`ByPp&;k!Hc4~x1|lbz<)@V_wIHe+Iarwt!It#8c3@0Qfp$K&<&B_}cu
zcOuNgBZEG39_|btSkqEpTwLE$;~D1E#fpn#b?E4wFPx*3>w(G5GD{}cGJ*=J?`|N|
z*xMPY^Dy?kt^MpJY5O~zA7Vei+F!ZRwYOtgt37#+qP?}Qy&Y9p`=PG=>DW`w&GfI=
z(7(!zmx|UFOO<nJDQiIPY$a9Djg9mi`mQY%`MT)Nio(K*?`P}$3SqOqFYH}0onKI)
zTML}Lif>fpnZhj<1qBsb3XNr*g2a;*G<2RZx<%j1E{Gj%>-~$cIP4B_QYESHjrN>y
z*kKcUMxzW(51Y_4x;IwM;#_TYO#h&wM^!Xh)uUpYXE;B%pdfd8PBfass>i_OGiIz~
zSa(Q0%`%&j-zE56N4-40Y@3SJc|8Z~5f?97bg{c0(O6Q_DC-f4U%h18@=GpsTXo#q
zsXn1Pc5N{uF`CfSuS-{Artyeo$YmJqyR)-enNiv2m^Y&HI;ZqJ4I8~*59-d_7F}!?
z0xoMTNlo59eMq9$HA2Ci(tc^t)v?6R1!9+^bI!Jl50)SYZzR}pa<!rs)VJ$c4%CPp
zg^7ILW5-)kNrlsIY!mJ5mZY8)?R*<k;vs99*eka0dbYn_b=+c6(qxhD5>ZlLnL`}R
zmO9x>{ZxO$bdu*nedc3W#?XrsZ%fR&9QsqRLO7WVlRN6LnNMAI=T`1SUKTJ@YfKEv
z9H!b*;;k+EnbkJrGcvdOPIT1IqA_bB(`;{Yr7LVM=z9)TztsE8TcprSjg*m}9fD+(
z;lXA$ZT>{A^uSu)uBUo$XjV9!bwN{IPF_i6I6N$z70wzM4p--d!#S_VnrDm}Iiooq
zZ=Nx7)QslXpy6}p4wqYx$qMW2tZ+T;p)Basl+OrfWras%XH5-fz1otKotKsSl(%BJ
zx3*2nqOEq{$BljaHh$dLhnHC#f4#MszIMDkNmJ_~{;bhyzv9|F#Du?~);Ntd?oz71
zq&hEi#dXS(L1k<2lEv7&WX83nvaqmn3x=y(XAbMS-(u=X`UX#acg3~1p*3sr@YjY<
z$<3dUms^s5dqFHOZ+d<%WnZYPoueuHa(ObirQ-?e&-|!AnJY330{FLMba|TD-Y&f^
z<4-+k0eeo&%bk*+o13p&Wm-5nUsoP0(w~r15X$S6XB-pM0iD}9CsdGgqBxwGpIZ@%
z=EicP!HPUxotLL8^YRWC7f9kQG3X6>d67tIzmk9xG$s8@A`x897MBP6=J40|!Mr@$
zLgpALy#rvMy!w{JjWV>=v!G684^tGK&B!u^q7$=Ezvldyb|kwKo;p%PrGESI4_rtr
z(F<8^`ap;^nSF)P^}@6x)SEH9J8-4B+s4du>5Fzgf~m2m3^t{U%@`48?t~;xp6BGp
zHpJr2JjQz)VzJNK8tG>yNaOwV9w^c<VsK>jp+r@vAw1NI83TmF-Uuu;qUskbu4~bm
z-HGjbGZtJ^iqU_*Fe@Aw5{+FNix%Y1$m(3abEnyw7$qrcW+kM1htNAdg_<2d4@d4#
zydoBfo}=sEFD*)3aqqo}tKH>_1J{4$xpcp|#VN7RzrzmJ=Gw0}Ip}Msi8ZDwXn}D`
zshS5_g*vHz<fyJ)M~$p6TpcUS9^d)FV6W^VI<>;=iJgBQZptn?=;~B?O-;GZE32s~
z`}FB};oVvKq2@(}@p$1+vJ)eFEiH`87-S6ZdtGUsWj0Z)hOqyZrBq@sqX)w-n_?~X
zWtA&qHE+GPRutRv`I~NQL}B_9ly>mFH@gjXMJ#&O7w^IGCY?F0oeW-sZ%j9sgKe2@
z<Pr3V$T9OXw$4~Uv~v9Q3%1Z4#k+6jThu@qX^f;y|Am>eJnCiWQNQ0aU;px{yGz1$
zA<PLjg>qQ}$PM)fGx=f(DXaKNh88=csl}`NB^NLJv2s`gYZTGg7M5CuXJuz)4~rB>
zm~cd6r!)+!OdKAKz5H@4x|v0Cv4hZd*e}p;A$bqRmy8M8QoRDTEmh&Xl`?m_!BhYP
ztqY0U>RS3SQqez)M6QcO9*(pQ*JUHxB7+W3yfb=`)Eik%poKUgwOj_9)R*(sar!>9
zR>hQTx3tJu-8NJEq?E_0F0O6S_r-^gZJip49CO&H!xC@lK4xj8|LDY<lbRyU({$%y
zy^|^uk@yF=Pi5ktW#e~vGQX-{GcreLRO2KCZ@;iu_6vD>HQFbfJD-xx!Z6F@<j8+g
zV`>TelgTFAJLuO6drlfWXp)RUCk+}rsb^s%+I`%Bl@lkf95AkXbV;P5V(qwYooc%r
z83~T7>|9nmZf(3oAHTb*Pi-_>+ox)G=iXxI-MO+yRl%SEyAK^)P}Q^Zn}?Q^M=DD?
zmsP*@TCl9RbF4TLD<V^=2N{_<F_o!-dX^J4-==D{DLM?@FE#GST&J@W;3zJs;%UEb
zR$Px-!|a;qKSzR2I1qA<XYOUfp}<Th6bLghW26zx4a_u7z?gtJK9Cz^=#e;5ce*eV
z(X(`8Am{|n3I#&JO+2mwiI;R^b|etqWP*-!R+xERED{MOp0b7R4)2kFhLzu_Rr*xD
z%3QAUR3}>`8B?@IdWuxNXW2!sY8`h(TiX%iS|j~OjOZ`7e(bCs_4Pf@>e01pkH)I1
z#<Lo$s~gc$YNMD`PDp8KQF4d*$Wau14?DO$VBq2wedbQF?nezw&8=-+WN>Icij6pX
z<;t^1#>&QQUbN_}F=dhR(HrK@-7uy+KH|*9i_aVpOFX!K{m`DhhOA#dvboO{`i91_
z18QprjBQMu(EW&(s@k@(4fUh?S64QVK1AP8Kf0y5x@B~I;?zh((-TdN***F_(XWT-
z$<KlAY;zD$UJi12!J$cwLRWRAer04bo7$bF7=s6l(_#l?SHEz%F_(|1t$o2<KDt}C
z(cg{eJNM5?MDog%<RqGAvziC(rxrl_tA)@OwHVr}mO|TT!iEO75_+gw1s$l?Ko3)E
zp@Vp3&ZxmkURM~R&VUY88==G0Cg^ar89G9p10AW(gN{-cKu4<!p<~oV(8JX?pkvh*
z=n?8t=s0y5biBF(Ize3tov5ycPEyxEk5tz}k5bn`C#xHvQ`Ak+sp@9vG<7R<y1ET|
zw7LU2L){5IMs0;2tL}y#r|yByRQE!USKFYo)cw#C)C15H)q~L4YCCj}dIWlsdJH;O
z{SrD)Jr13(o`fz?PeV^u&p;Qd9neMUH_*lEdFT@LTj)~tB6OL08M<7(0$rhAg|1XP
zp{J-fpsUnd(ADZs&^78E=&9;G=vuW4`Ze`e=sL9<x?X(<Jx%R_p04&n&rtiI8`MY8
zjl70#)R`&)-J})tEN!5hbpU!cO9DonqqCsr>In2aoeMo*=R+^hh0w3-BIt!W4*d^Z
z0=-C=K`+)7&~NBU=q0)ex<%JOzp1-GFV$V4-_i}x%XByB<+?lc3SJC1>f5>rdZq3I
zy-GJjujci5qrRhCq1WgE(C_Mj&};P|==byx=yiG+^m;u4dV?MXy-|;W-lWGuzpuwZ
zZ`Ko_x9CaGTlG=UALuF2+w?T(?fPiw9lTm^)DQJ>&^z_<(7SkL-Ked4HuOjOB<S6|
zIBwLB^#bTUdLi^DdNK4~UP3nNKD`{eO|OLhRIh^Guh&3-rq@Cr;8Ovkey&f0KB&)t
zKBPB7x9d&NhxKOYBl;ZZqxwAPWBLN<FZ6}bU+RmXztZ1;KF-VaMm?b~g+8e-gFdCN
zfIh9Sg#KDz4Shym1ASIs3*DiwgZ`(!0s0$#6ZAQKGxT|0jyLKBeH-+*`VQ#t^qtTb
z^;YOh`fljU`X1=-^}Wzn^fu@p^!?CR^#jn?^n=iydOP%W{Rs38{TTF3{Y&Uu`f=zV
z^^?#)>8GJ@>t~?v=pE2^^>3i>>F1$;*1v`B;?oDC{-R%o{#CyMeV?U8qju|^&=2$*
z&=2)n(7)+FLHFo)pnuozLHFui(0}N^Lig$2(0}R=q4L7EQ6KBQ&`<O}=%@N4XhMGi
zP3nX)8Us`t1Le5}bxa5v;3amWgC+tEnOtbt<U_MeAvD_*K_ey(%`qj=TvG<kGZoN$
zQwc3FRnS6H1C5$4&?3_n8Z!;hxakHhHr=5mrYE%2G(pRF+1}`K(+sUJ{h^&qE40!K
zfOa+mp;cxOw3=7y4XsP*S_a=CvcU%{NTf`$(v*bKzX11ud;mf|l*s`lyAH^QDCSc>
z4B_(%CkC>j>y+ca3;yeH--Y{Mz(>GG!TZ6V;g8K0r#Jiq@IQy=!Q^Q8?eGtScY=3;
zTfrZJuYiBRUm^Zj&}V@}nLmQJf_$iA-T>bOk<*BrmxA8{F9R<JuK>RdUI|_WUJZT+
zyaxO(crExn@H+5%@CNWk@Fwv4;Ge*^K|X*n?;=Mfa&!hOz)oNlSdIH`+&=&lU{dMR
z=&IOpKq0brdMG#$JPaHI9uCUbaXiT2LZ1lE2Iqi_!6hK$S-k?>44w_12c8dJ2=b*7
z4OnS1N)uLm8Kh~fN|O<qpVBCf2B`Fp!F#};fGAv}aGI6UPk_&W&w?maqfi=!(qxqC
zuQVB<0Vw@9@DuP;GDduc_zbf$-pSUyAFKF&MLXS5Ko9tv;ctN-3x5Rsz3}&eAAui(
z+rXdV&OFBHMZ8o5O+}!)R=O`Z2pkMf0*?eKI8DLP%_vPl)5w+n9r3(MJg*VYFya{w
z65b)a(+u_l17Hx0fH`0Y41>h)5Wh1590?8qhk|3k!@;A$8DIn0NIJx0h=*pZOg8p$
z?2Ew~uomnB)`6{H8~(n5ze~U^;5R|^XV9PdEBHSCy5a8-kb2-y4;<=;L;Wx>;{Fo&
zGWdJ&J@C)u7dbR?$Tv?~^mQ|M3+`pOmxH%~w}W?pKLno!e+@nZJ_|ku{sR0Z_$$&Y
zA-z)K*+)G8#2z%D(;xd5_~+qY0MRqwE@`t9d>wc4?~s4yZ_4~9_#5y!@Imk);-maE
z<<DbL>B%7Z)Z~)~q|#Ht3E)I<6}TE)1D*=51-}Na1Wy5P0BLwUVwC<qcpZ2>NP3#|
z=<1b5KDvLUk;5Tghj<;*aY)CR22KZ&!$A(`81Pu|IB+I-JU9y+2aX3%08a#|Z;sTr
zX5#G!_6J))%2iXY3=)*4o-j;Mn)=2-L22p_Lj|QrgJZ!XK+@Nw&tO3586fFv(q}-R
z_=ZX|Bv6|483-sn7n}#q2N!@RgA2h$;8JiIxDH$oo(7%{o&jzEH-cw^o4~WcbHH=K
z3&5{~7l9Xp)JIKy<Z-X`H^D2xtH7(l?||2U-vy~hntH?|T<ITzcY=3;_k#C<+rXcK
z_k%wJDR(X9z8!oRd<1+Hq@MAenC5}4^i$x|;IF|K!I!|7!QX?gfPVmA1z!Vqg0F*b
zfNz5DfbW9ufqw>ffqw!23ce5S1^)ql1bz%Az$EoiQ6Dv!3+93OU;$VNM!_O529|)O
zU<KF-tOPrQRbVw(1J;6Fz&fxiSPwRUjbJzM5U@Mg1MCU*0-M0zU>~qANPXfPGtDDd
z8R`=cVP)FD0pOwFK=3ed5I7hd0uBX-fy2QO;7E{qW~gUo40t#=7CZtR2aX3PfD^$<
z;E^Ep-%$Sz?ZVJ54E54bFU`^54DcB6SnxP-CU`tJ3p@cl5u6Rq0Z#(wg49z(Jv9qJ
z>Zw@>E&>;WOTeYzGH^M#0$d560<HpAgKNN3!L{Jmz;)ny@HFsr@C<MRxDh-P+ytHl
zZU)Z=so#eB&3BlJ?<Y0iQz`Rx@Nw`7@Ja9~+OeS>J0RunQ2q|(?@;~@`gYK_gB~69
z=#W2${5j;$A%9B#3`lrI7?sVJy_Yk2rdn}F)C9FunNedVOjG$w=d4-I`fmVxnO=)K
zgSnBzr`4#kDMwDMQ8g)hT&z2BT69!k$^2D>J&+QI#KRjMRsy3U^pLV=DyhWP32L4W
zsKrcRuV7+%FO$DF*anE`GToqu=sw(I_0jYtysdz&<w)0wH^n-$8egMoRTovKx~VZt
zO=mJqJV%!ju97xWn%ql>F3DZ2v&NxS$v0F3_l)FYY9{<S$zAxlUza8CN2;pi$GGlQ
zAxwK!Eq4QcW>`Nj;^z(G65EjKj8E6k2fPEjmpI<A?g3SfuP&*0y5TnqzkB`o@XOmB
zUYu?iZDVs(CqlY$?otk>KakcgRmW{`+hubh_PeYMX?yV{q4(nB4Yefs3|s`xv(Yw;
ziS8Cn7u_G<%aTM-%IlfrE_{9Ee{P(~z4m(MtBXGQV)BFJ+g^OB_&@geuLjZG|K>mB
zej_FOSE_qT^D)Zv8GF5$eDPn;2DRu*{Qc{7Mne4WsAsOQ)Qa0l;r`DS{ohMF`5f`S
z{rT}GKmPaPmbUlV^8Qy`KC9gST{#bwMd~l|+tz)c>zB772HX35rIPKXL^8^RUO4sl
z)urOcxXbEc7rFRS?ZyjtaFn?IPyYQo`k<w~-9B8JJFq^uHiUUGT?z-!A+hdCevs*w
z4ndF4MSaUCNvSuq&Og{%_@#B9jv<{=X4$3l;<|s?QvIsqP5#05<8ORkyzOOmImwIY
zr2SvYjVDf~eL8M5`N4i}(z16+S^sPL&5YkOXX@9p^YF9vYwN>j%WIz{X_-^?><?bA
z<i&p=ChzCj=#L-7JzbxX^o{-8<T<@7xtL2d(!RfzP9_~$@&c}JrxV2WMFPK=oWLcj
z+?saV-;^$j{ap^ur!(%kA86ybNCArZvsLZ+08<St9b5Y*>BULD-blMhC^X@P{eava
ztg*f*>cijXG*(>wc-*wSSZ&CIRtE{=$@Te28Qe@ozds#k+P{>Qmqt21Pjga^X}|4F
zUTo=5?cFmuG~>(a>H&E^M<1DC|21<uodd(6vA3z6pYyQs^5li}_%EaD&r8{hPcic_
zysy9lJ{z+v;4_nB0iW3%3;4|FSiomi#{xbxI~MSH*PaD@=6EdNGtV0atyLqSUDPOO
z9Wy?ox~j3zdNmH(z%16NMl}iAO&tY2L`{KqSJR+9)X~tM>KJG*bsV%w9S`lz?9(94
zY-q;@ZpQ|0#|Cc425!d&ZpQ}h|A-A--IYbzde%x=KknGSWu1K+%j7?0-MlC3=InQL
z?BAjX>PN@^E$xH-o{s%n^uWHDUJ9}w*0Fz!9{!9Tn9g<V-_lR~|FVB8`?T%%Z>R0|
z*Rh{VmG9WkWg*AiBktJGO|SEOp^1gJj{V%v)Dp|f9s9Wl)y|h&X52q$$A0eq8u>rY
z-xm%A0}ijQ^{gq}YU+=ew{_U$V`?5hwzgN#{n(nqaLrbA)YiQ9HQSQOqmBu53Ld*P
zSh>}y&)OQOuY3Ko96LTa==kKI<CBAqPYyahIbdAQE4m$@9597@i7DyJ;P1irK$)sH
zpdVgw?)c;YJv@gVo(Eq5cYy!N(&q%0{3e3DTHW!<0eaz8?2b<kXg|5MA6_}{_~ZaR
zbbNBq@yWseq)!eyKDF=o)V||W`;JfTJ3h7lzxAno$D0}qyY6H7`4RXr*zu-D$Cvhe
zdE4=&J=0UZ@a_209zDE<9(IDSgS_b8@ufZe<S_cn;ot~xBsdD>3-OLOHPFM^=;0jj
zT(INI`;IT~JHEU>U}L!BO^pLol3~&DrbdP`+8I0E)Q}Gg+o|Ng2h;JU#?^cY*zx0#
z9X}5F7&C}pFq7B={+$tGgppznXg~-21pJhZ(jqoWV_+Frj{h$Bufv^p!aIH(l8;9^
zJ}#mnbSznQ{5T{(7T59Pkn{&9p@+HPJa9g^0OUva{%`y^<f`F|mNzY%KW|ZF&Z;r<
z7d9<gy<%y~xM0!pIiBtEMQc*Vl;6p77I=QenDRS5Z7ar1TQ>%=O~o)_&N43sF{b=l
zTi34`#c$4>RTJmWcRhP%@$H!x;oUQ*{7+i3V!4eRduvX`J~o|0F=pDjk%+Ct(M)bV
zGsYQnzUIj)##Fdt)3J$BZ1d)<@^aABw@-?b2;qq5@U(u!C?RrF5{lxRJw_awk=+y0
zGfP%|vjoWS(+{&Jk=T18Nu(o0Qo=U%g&8}?V~}s^{P}3gbDBD5UYeQa`y-H46W^Py
zC|(#_<{p#IJaN0F<~d1T+!%23m}V=Hi03LPC7#Q8;`vS@p3jJQKI7G58=Z*fyLdIu
zx_DKpsjnxV>n|mdFs?*i+56&I$wigE_L@EMd?#Of;?LKfFuwML@wF$6uRURW?Md8e
z?TM48uqJWxnC2#N^0jCEd0O$svpEzeUwgv%+7rgto-n@lgz>c}jITXkJU8xk+7pky
z_Jr~4UO#d1>QujW+7l;Vd&2nI6UNt`FuwML@wF$6uRV!7tvzw_6xJk89@E?;PQLc6
zKTmtUcs7UP<ZDkDUwgv%+7rgto-n@lgz>fKi|5AOPJ80f*PbxG_WFy9r@j8|v?or!
z_Jr}ZCycK>VSMcg<7-bCUwaaFT6^N;DXdAHJf^uxoP6zBf1dVy@oWyo$=9ARzV?Li
zwI__PJz;$93FB+e7tf8mo%Y0|uRURW?X`%Dr@fYT+7l;Vd&2nI6UNt`FuwML@wF$6
zuRV!7tvzw_6xJk89@E?;PQLc6KTmtUcs7UP<ZDkDUwgv%+7rgto-n@lgz>fKi|5AO
zPJ80f*PbxG_FBco(_U*k?TM4GJz;$93FB)|7+-tB_}UZ3*Pg_k)}A<d3TqN4k7;fa
zCtrKkpQk-vJexyt^0g<7uRURW?Fr*+PZ(c&!uZ<r#dG6sr#<oLYfl(odu`(4X|JuF
z_Qc88o-n@lgz>c}jITXmeC-M2Yfs`%Yfqd!g*Azj$22#IldnDN&(oeSp3R{+`Pvi4
z*PbxG_Jr}ZCycK>VSMfR;<<6R)1G+rwI__Py#eClX>UL~?TM4GJz;$93FB)|7+-tB
z_}UZ3*Pg_k)}A<d3TqN4k7;faCtrKkpQk-vJexyt^0g<7uRURW?Fr*+PZ(c&!uZ<r
z#dG6sr#<oLYfl(odxwgPr@celX-}Md?Fr*+PZ(c&!uZ+~#@C)OzV;;UwD!cwQ&^KY
zc}#PYIQiPM{ygpZ;@KREldnBteC-M2Yfl(od&2nI6UNt`FP<BBJMD=_Uwh)w&tcy_
z1?@OHZ1m?7c5G-z*`vmcpR;J{!WF%yj$q(!hiHBl`^sP`&B?&iFC9BWNW1kx5bMUs
z-X`S^&Mk+NEi8|*MdC5uWXvDq%48xftjiIDH$AZayt#-!#Fa@$I$4)XCF?Vitj~B8
zKR;RD#hZIH_03ODM4H^8wKwr;>dS=47V4Z;OEB8P#)yLanrIc|7rZ~Aa;FiZO22^n
z3g?%7Us0tkMo&e;xZ>e&_|o|qoIhD?l4+BtOV2EU>{xoC%#<vbbL#R%eOg=EnoeCc
zkJ!@1DKhx2t#2Rlo-w_W*`VLv{EVfu;<q^K<~KRZrE8>@X*XOmNu*ny_3E`Wclw#G
zTz2H^HMO*CwmsN@eq*y-TIrIa-`uR5-`*^jR=Ovf8>cT@DhWjOS{W5Vl;epitZ2@k
zwzXH4M4PS=wk-U4py!rKGF39oO>>s6kr=(6&(;p%Tz`FYR<E2hcYYJU^uK6%aDn(P
zIOWt8Yvxlg*0{EXmS45#<b^4V-1+O~E@ef+hH-bYG{5>UX9_6Ary**yJ%ldC@6W%3
z-Md^4$FBVi^B%1^{fGmfSmG(r1(*x@T_vr1^O>5%ulo<eJebo)96icCQ-Ko|9J7YA
z60|wfY{Gn&xd`*c=3>m>um>XD#>p^_xm^xV;x{N*KgzgWF2XN5{#FI-nFbYeR?Rs{
zbw7F4{3U9fJ>OuQ4JGFmIOHL~uljSw!I<GwYE<F$DWjn5-X&Gg#_E6}-@lxp5T1+5
zRL{Amu3D{{?P&*7EIno!4Oq>#biuME%a$n4iLkQCsSDlsJ<9I<4rNb%f3k_+o$SN!
zO*X53{Q6~!^)(P`R5m9ZNEm*R3)xyZFi=dI!vYUe>-22BO5dwDb6=)!g6`0XV1BTM
zt2sC}cwBI0aC7k5;I*NK;MU+H!RLd!f{9RJs39~UG%j>}XnAN;=-SY>(959@!+~&B
zxPSI(ISX?x%H2^grEqD{(M7Murxb52DJmUMmS28CuadzV2X7nlIHwpW?h<4l#cyS<
z;*^Fv)Gv{ZGnFa10pM-iBBR*FvFi%nYwe_dXim`ZTq5viSQoL8^EFcOsNL`<S(kw4
zo39SET5j!vP|ZnFsd&^Q@D<i2Bre9fbHtUnQ@1$C&`N?-Ve5XCAMyftH)NK$a1s+G
zYOa%Gv1}g1_5^%Co_IdPhF=y<oRh&1!pHP>J~*N*xj4f|1wNXSBAsYPV&$kb8^Y1U
z^l(ntF)3S3-H@7Q&~X+1j6R(6KR8n;u_nPO8Q{vqO8jQ=8>xf%&C<1$zzrO<_%cVj
z73x-f6m{YXeXD*_?=pp^iy3Gpm<48?*<x-r+s(_I(d38>fi1*c#H|#&SSqL|=xO>G
zJ=;{J+*kVUxtNR|!)Znm(gco{^OlfLarCH2>)H-8J5#otKthXgZM(~vP}XnM#^<IT
z$F-IGaV`h0?3R(Q*Dal8!)fP3!o>MFQ{1UTq<=K03fa)kZ>^iu9XXa%!k(6Lc>vDM
zQwgRl3B##myG^5+VrFoniyQt5-&ZLn!)YS(To(>Z^TL;53W<wesMqRq&4sD3B0~|s
zS6fBelJXyfno-t#Mk<yBoYZ;6FWR~(ima|&QrANIEd4|M3;hRE&nY+#7n<NK7kf^P
z4c7^(<-{oL>Qk}qB-dlDE|k?<NFT0`&`b1s+W+|}KT;>%lsl(v(xohQNlu=!5}D(C
zpVcXw1=zSU)?hMbI`6i-ex(JuvDT(+2Ks)xV3Kp&T%Ut{`#Nj?x0L-D-(KR8b9G$*
z^6R@jQ+Z-*keDW>T!#1|qz-6Kdy}?|d~#+GCdDuN(%0)vW}!Jl&eHK(4`;sx6S)bg
zvu-PsUug>_p0{l+WrK_1gI|evU53BYRPfWcK7A`~WBqNj{*F)Ea>`dQ@t4G3(l+8x
z-31@;YfC!yt}2-PN%ALY-@1tK(uUK16n^-9@w5%SelR&8IRG0it>4QF$FuIAm)m@w
z8M#xBOGr6$&kuPG{;o-0lVKzIXs0Q9y8UBsB2>usTVCt~vH2`n1A2;{syFD38L3E4
z+;k0n)8zeJ+&qTF<=|n}IxfkJ)K5=_N_xo0Z5}-vQc?4`+@2~k-%{4n3bcBbI+X3k
zLTtx`D|j5#P?J<!VYs1<XMFmOKI58AMG9-uZl1sJs8raVgl|rn2c-RlrKV=YDW_>k
znDDri-=ma@@;Q3=Xr+2j0XdZ_x)WqW%-##(|AcvY>gH6bC~pyjPfOjK;OSk%=W$=e
zeJT7tI@_L@ujIa#`vL3{;7#0*aNowcKa7yVTe<J$#=VFUhIJG7$H@zM&o0Bvr{H0c
zPh>)l%)Eqm;qOCk(#s;gq7u?Y2W9{~@nxY+G<}TiqsHm+dXhep-gpN6@l1V!K2e{f
z=jsLeWcshAdYN9KSL##r8V<BxPk(*7K7&5(9DTmNKwqW5qp#D~>mTVK>uvg{`U(9M
zqn!WLuj@DUJNjMyPyMl>fH@C6W{ORjDL03h9;T1!YlfSVW~@2F9BXEp*=CNJ&r@)b
zS!~vt)6GW4kekif<{WdbIp17mzGJR2-*un*fg{zoczfe$wNvTfBlOHV@GW&K^nOmc
z)6PmgJ6(%7oVZz&Yx_zArESm0qjc@LfRw5||Blj>txTo*KZ%L56trga>zO|v^_u=q
z>eDj)=uO1MZR4T*ai<2@^D!xTdoCs=ZqK=+r0uzOl(c@NhX|7TvtggtFB5hrX2TKb
z$8vffC->R2`(|-+pP{5qWF&qKr{)FpJ)Ef-(ob{3U6y`<-#CouPdFvBi-~i1YFE>f
z6X6=nC^K4hGsknfT6e}A>r_wlyjk@!H#1J>IpW-@PN7GOB<QjA*2Hq^$cqWFxiPsJ
zn`@Kwq9&H0{p!=KpKHaeUP)X9m7}ydY&20wJe?Bq1Z(E7X&Ko;O*g8!)(<BR!Tig_
zC}`Kj1n9iPhuFWL<oElWSCe8>pA0~oWHe>YOpa7K{1(3k&$B0S9<dd1$hHowOFoGI
zBa=r_+Fl=1gjqGeBDX^s;@9CxzM1~n?^o2-{QCSmxc!xzH-*$k;*C4Ror^&=Z~H24
zU3BnxbQ$SXad+kJ&fSN*RRmD=dOq##d-^{8tbSW3P0)l)*kqY(6EQg^*W{UeQ^1HZ
zYKmw}l&L8(rM5*?m`<kB^frf^6U};anj9S)$l-)IIR~*9^eLIw$(e}%GY|LMNWQ6D
z9f$k52mRT~CKc|#*WrHhc5eC&T{+}}tK%#gO7nm}S52RHW{IcB^qC=EB<T}lJR8CP
z*=Nb{q|W#|P-hvA`x!gVlG#roKI>`Gx3C5|X~(OZu1ngV+vE?@3D{%Z#I=1~2XdUK
zBL`{9;>ZDiZg{AFe3^Lh;v`hNW6v_(#FxEZJRnkQA#r%|cs{&TGJjUpa}#u9%nav+
za9wfPWlaZ{_A@nM57ufYCoMbW8{OP5aqj;|nER0@!xe2<ou_^B+0kdFnc-`{P-&O6
zseRlcog4G##s7Idoy06*+sB(u@2fF=kp%yGDpub8>NL8L1N9DCf87*5PfMN*RvUXW
z&&rZo$bHb#_u|bwtTD4*da<Uo?A0YXz^$E}>3Wt9@kOT3Dl>Gj-|>bA#+2D!4s`Ww
zJbe*kyO!j+d-(aTp09(Um%_o^{%t!sT8m{$!e_A%6=FjtmxYr;6@`nlsF};sb7v+>
zH5|TG%tBlv3!**Pz9?t=q7~ai*&67|fm~zQ)HsquxB7DA)^xTtW^lEsSzH6uiCl-O
zxlHK>a!m6Qma<neH5{x~tBp*+&SC>;ygEmnrzWZkI0pJCb-nr#A%3iWhQIABcCTkU
z;1zY5dX?*PChL3fm1Jw_c8-cJQ+MhL-AO%4E;Lxl5`Q%Zg4MD`p_sDtV$oV5mG|eG
zH1@J3a|p}YEXa}D0_!1{1#*@+Qh&WtSj4h*oS2JQA}GbK3|+`k)bb~XQCG4=EC*7{
zanxOz6gJqjjdjl?Md&e3EE1{<R2D|PzX%3dNRhu{+%x~eKGP4~vjW2<(sbvN?IgLG
zkXv7_j}WE7bP#{V_AW+d_o^hMq%PON{v>XZ(!C@V?<ytla!LNZ%hiLc35m^(y$XGZ
zM%=5$YQ{}bXxG%$VD;3EFv`lp;tG0hKFF1lpwN><@L+$PsH>f<L#KAJq|>gqHCSqK
zBXML=)8%M7Ih;;5BOG!UuydIZEx~oqryWEnV`&#sOA4qlg<Q38a>cmnthUOmrt+yH
zC2T#3reyP=40AbG7b{yMF?FVPh<>^fM=d%K=?)=|I%<x{l@E6awW|kLz}DbnBF>DG
z^5BeS=jenpeOhsF`Uq!Qu`^W{2B(%eQ{v9#ak1d!gmYAmb7aDqG_f!^Dd9{kbS5O6
z@wkjnIOC2e433LAM|92$9#QCw&2tV<IAgAGMqlBKN;o4;ui(g!oDn~BhL3lKC7huN
zXUO29;E=d8cu+xbaFH|Uu)N@)VaWpLusmmA!Z|eI3}}l72YlqTwH5~3;!bNzPO!Dm
zX~}W=S2_LioaVkc!RCb1H^=GIJ15vD&*`1xH1*03HWfO(vYnpIPLJ;O!5;IR?uQfw
zyVpC16gk}*>x12fJB{^DLw!!Lp}?unak?g)x`flEz^NslwM9<NJg532r;038&2u{E
zIhD~7!ODcw=_99Ngi{Vvo^Z<MIi+Z-G~tvGsHEH}PB`&|6H7QncqmFZQSurc;S_Fg
z3g$Wa2`4YNB$$_Qa`By8;^ZWpNTHLRaI)~0m2kpwCp6Cq;220a!-^ejodmyST^KaI
z*vocQ!eOOy-nkd+9{(Nw)c?~$cGfLyZ9c{IFx$%4=$qjd&^}MW<~nn?I#->F&7&*|
zf1TyWr_{}C96yK8^VL(%ZLIQ*<B9YX{$C0jUObq_Lg6*~P#xEYhC?*!Nr8I;Qv%xp
zZwG#@+5)QszYfd}tiFjI@p!n7A48RdZ`P0MU7>HO>(q13@y;pE@AbKXy1=c0vFZ{x
zB4@U`B=~|>CHs`#t(=#Kt>~TH(<w15nysSQIm65j((I+qOum-fEe7Al8n&tGq<(07
zUXIBt*rSH-P|0D=r>ebi<4*IB9V?zqzMu2YL3w#PFMp3JSgyjq+HQ94QM;Sey72bF
z>Yi#<m9xotZio8mZdJWaIiD!?Ap5gLIxoJ*>@mOJG<4YDGn{?lN4KB8eO<4dWjP~u
zez0>-bya?~`e4W1JF!@%PRA|0kDx<`_1<K5^QB{6F6lj>nwr!D1!wIEKetnVyh%Nz
zctmR?eS3S(=AG4Q-v+f|pXy!IPPQHQ=-pLno3mrE+E%3s$nEd8tBpG)Z+f5NInRSY
z<!n;n?P@5tJCQX<=jA<={3w~+i5rO*4CA4mGmK)u-!|(rnMfx0l|-DP0@Zs*&ZoHJ
zb0__#C2T-%P{~aN`&4*`EH?WN6bz9)w8MN_W}Kp|WX7M3EHSL$6E_S|a2}};LKEi9
z9pO*aJ`zYfxT$O}cuNHeO?Eu=PZjE&+_8LpIJxgAwPH&a<BGmKMf!2Yd6}a>BZ)(~
zvUp+RFz8^eQVua4!q{XeSGF3)6;Z>vayZa*gbJyVT!t~!D4rfNiYjLmbrk*nWUeg6
zQq!Q*xw7q8s>+U~su@eo#gA-)W!Vu`cScGpc@mw%)q`=>8eC81b%8APHMZ1>7(uP)
z$#oi6p*o$bfLAfjz)W%SyxGWQ7>Auj44b)nFd93Dr}p_=d5p;}Ahrv+0_tM5g`9qq
zZIdj<V^<*6_3B3KZ&J5lb0_1rEXHm3;b$9HP;KXRjVxXnc>+B=NfXoRY4x9k`i*)4
z4g6O9j&xsCFOhc{;l=F;uSC7h>q8~#&lGu<4(f<1(K)<4l+7y-g=|Vhbuo+aC7S1~
zF4d)~lP+TvSZPOrxul@b@FsnOGWG?aeEZT*12Xc*i#=gd4B;amt(5ST<>jA|!>84#
zu2YVjSi|_#_2b|#2Q9^rn-K-!vIri4<`N>#Q=L(ZwdHjR@{`9%pqR4jtg4o-n7dTn
zYv}{4<z=Bq4nkM=X;!bSJ{aw%c4L1a?XNz<{y^HI1K1x(TXjD62huiOhW&n&yve4i
zQ2EP2M-I9DXY!xPFnN|2lX7g%Ln#+|Es9Yo-a`;{qh$`E@yX)2H8Gymjy2_AlGm&>
zF|f~u=BpT;O;eZBgFmf4)FIuI?ZIpH<N6iN_KlT7wqYcMT#sWSAgS0F3G^?KAr2Lv
z@=}VXu6m*57~vf1&!5!W)Q>mRAJtpxO*U!XrABF7df3)A*S3%gsL|K+I?auKXi4)K
zIL*u@9b+Lc%!G7UXX$L}qLlXlHC6qbKKG&heC25RP@OM9<-M37&HOh!qMoO+d(own
z7?HBW^UIey{{ToEJ9)oAk}RU4$90U#E-?k@CN|mz<HaPWCr4-`e_{XWeYJ~+;RotN
zc4z2xvG2`P?Ca`3cwguTJR)!By{#Xn(v$cl<logl=<WWg_OfsFvHC=PsuH$vr885u
zp=;Ze<^3v8t|FRWfT<V7&0Br)mWEV_R&_s9wFi{EALIJOUd!&gyc<N<_q(CktKZ)^
qX{7J0<mCiIPjm*Dw!H;T6QS71B`7Zixi_G4pPShKxrr^7_Wxh(<U;@e

literal 0
HcmV?d00001

diff --git a/Tests/test_imagefont.py b/Tests/test_imagefont.py
index dc88cb31d27..883c1417096 100644
--- a/Tests/test_imagefont.py
+++ b/Tests/test_imagefont.py
@@ -997,3 +997,16 @@ def fake_version_module(module):
     # Act / Assert
     with pytest.warns(DeprecationWarning):
         ImageFont.truetype(FONT_PATH, FONT_SIZE)
+
+
+@pytest.mark.parametrize(
+    "test_file",
+    [
+        "Tests/fonts/oom-e8e927ba6c0d38274a37c1567560eb33baf74627.ttf",
+    ],
+)
+def test_oom(test_file):
+    with open(test_file, "rb") as f:
+        font = ImageFont.truetype(BytesIO(f.read()))
+        with pytest.raises(Image.DecompressionBombError):
+            font.getmask("Test Text")
diff --git a/src/PIL/ImageFont.py b/src/PIL/ImageFont.py
index c48d8983565..2f63ddae6fc 100644
--- a/src/PIL/ImageFont.py
+++ b/src/PIL/ImageFont.py
@@ -669,6 +669,7 @@ def getmask2(
         )
         size = size[0] + stroke_width * 2, size[1] + stroke_width * 2
         offset = offset[0] - stroke_width, offset[1] - stroke_width
+        Image._decompression_bomb_check(size)
         im = fill("RGBA" if mode == "RGBA" else "L", size, 0)
         self.font.render(
             text, im.id, mode, direction, features, language, stroke_width, ink