diff --git a/src/gui/text/qfontengine.cpp b/src/gui/text/qfontengine.cpp
index a2ad2469688..83dab350249 100644
--- a/src/gui/text/qfontengine.cpp
+++ b/src/gui/text/qfontengine.cpp
@@ -396,6 +396,10 @@ bool QFontEngine::processHheaTable() const
 return false;
 QFixed unitsPerEm = emSquareSize();
+ // Bail out if values are too large for QFixed
+ const auto limitForQFixed = std::numeric_limits::max() / (fontDef.pixelSize * 64);
+ if (ascent > limitForQFixed || descent > limitForQFixed || leading > limitForQFixed)
+ return false;
 m_ascent = QFixed::fromReal(ascent * fontDef.pixelSize) / unitsPerEm;
 m_descent = -QFixed::fromReal(descent * fontDef.pixelSize) / unitsPerEm;
@@ -453,6 +457,11 @@ bool QFontEngine::processOS2Table() const
 // Some fonts may have invalid OS/2 data. We detect this and bail out.
 if (typoAscent == 0 && typoDescent == 0)
 return false;
+ // Bail out if values are too large for QFixed
+ const auto limitForQFixed = std::numeric_limits::max() / (fontDef.pixelSize * 64);
+ if (typoAscent > limitForQFixed || typoDescent > limitForQFixed || typoLineGap > limitForQFixed)
+ return false;
 m_ascent = QFixed::fromReal(typoAscent * fontDef.pixelSize) / unitsPerEm;
 m_descent = -QFixed::fromReal(typoDescent * fontDef.pixelSize) / unitsPerEm;
 m_leading = QFixed::fromReal(typoLineGap * fontDef.pixelSize) / unitsPerEm;
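Review bot: The new guard in processHheaTable() only rejects values above limitForQFixed, so a large negative descent or leading (hhea's descender is normally negative) still reaches QFixed::fromReal() and can overflow its storage the same way; the processOS2Table() hunk has the identical gap. Comparing magnitudes closes it: `if (qAbs(ascent) > limitForQFixed || qAbs(descent) > limitForQFixed || qAbs(leading) > limitForQFixed)`, and likewise for typoAscent, typoDescent and typoLineGap. The limit also assumes fontDef.pixelSize is positive; if it can be zero or negative at this point, the division yields an infinite or negative limit and the check silently stops rejecting anything, so a guard on pixelSize belongs alongside it. Because the limit expression is now duplicated verbatim in both functions, a small file-local helper shared by both would keep them from drifting, and `std::numeric_limits::max()` as rendered shows no template argument — presumably `<int>` lost in extraction, but it is worth confirming it matches the integer type QFixed wraps. Both enclosing functions begin and end outside the hunks.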