[truetype] Better protection against invalid VF data.

Reported as

  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5739

Bug introduced in commit 08cd62deedefe217f2ea50e392923ce8b5bc7ac7.

* src/truetype/ttgxvar.c (TT_Set_Var_Design): Always initialize
`normalizedcoords'.

2 files changed, 16 insertions, 2 deletions

diff --git a/ChangeLog b/ChangeLog
index fff4a4141..0708e5e75 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,18 @@
 2018-01-27  Werner Lemberg  <wl@gnu.org>
 
+	[truetype] Better protection against invalid VF data.
+
+	Reported as
+
+	  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5739
+
+	Bug introduced in commit 08cd62deedefe217f2ea50e392923ce8b5bc7ac7.
+
+	* src/truetype/ttgxvar.c (TT_Set_Var_Design): Always initialize
+	`normalizedcoords'.
+
+2018-01-27  Werner Lemberg  <wl@gnu.org>
+
 	* src/truetype/ttinterp.c (Ins_GETVARIATION): Avoid NULL reference.
 
 	Reported as
diff --git a/src/truetype/ttgxvar.c b/src/truetype/ttgxvar.c
index 615a693aa..a2bfc88d7 100644
--- a/src/truetype/ttgxvar.c
+++ b/src/truetype/ttgxvar.c
@@ -2821,8 +2821,9 @@
       }
     }
 
-    /* return value -1 indicates `no change' */
-    if ( !have_diff )
+    /* return value -1 indicates `no change';                      */
+    /* we can exit early if `normalizedcoords' is already computed */
+    if ( blend->normalizedcoords && !have_diff )
       return -1;
 
     if ( FT_NEW_ARRAY( normalized, mmvar->num_axis ) )