[Git][freetype/freetype][master] [truetype] Restore behavior of ft_var_load_hvvar

[Ben Wagner (@bungeman)]

Ben Wagner pushed to branch master at FreeType / FreeType

Commits:

• d38407f7
  by Ben Wagner at 2022-11-09T19:02:22+00:00

  [truetype] Restore behavior of ft_var_load_hvvar
  
  * src/truetype/ttgcvar.c (ft_var_load_hvvar): restore previous behavior
  
  In a previous change [0] the behavior of `ft_var_load_hvvar` was changed
  to not load the item variation store if it was at offset 0, but not
  return an error when this happened. This broke any users, like
  `tt_hvadvance_adjust`, that rely on successful completion of
  `ft_var_load_hvvar` to imply that returned table's `itemStore` had been
  initialized. This lead such users to dereference NULL.
  
  This change appears to have been unintentional and unrelated to the
  actual avar2 changes. As a result, fix these NULL dereferences by
  restoring the code to always attempt to initialize the `itemStore`.
  
  [0] ae4eb996 "[truetype] Add support for `avar` table 2.0 format."
  
  Reported as
  
    https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=53061
  

1 changed file:

• src/truetype/ttgxvar.c

Changes:

src/truetype/ttgxvar.c

---

...	...	@@ -929,15 +929,12 @@
929	929	table = blend->hvar_table;
930	930	}
931	931
932		- if ( store_offset )
933		- {
934		- error = tt_var_load_item_variation_store(
935		- face,
936		- table_offset + store_offset,
937		- &table->itemStore );
938		- if ( error )
939		- goto Exit;
940		- }
	932	+ error = tt_var_load_item_variation_store(
	933	+ face,
	934	+ table_offset + store_offset,
	935	+ &table->itemStore );
	936	+ if ( error )
	937	+ goto Exit;
941	938
942	939	if ( widthMap_offset )
943	940	{

—
View it on GitLab.
You're receiving this email because of your account on gitlab.freedesktop.org. Manage all notifications · Help