[pshinter] Avoid accessing uninitialized zone.

The `normal_top.count` may be 0, implying no `normal_top.zones` exist. The code must not access these (non-existent) `normal_top.zones`. * src/pshinter/pshalgo.c (ps_hints_apply): Do not assume that `normal_top.zones[0]` is initialized. Test `normal_top.count` before using `normal_top.zones[0]`. Do not rescale if there are no `zones`. Fixes: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=43675
author: Ben Wagner <bungeman@chromium.org> 2022-01-15 17:08:18 -0500
committer: Ben Wagner <bungeman@chromium.org> 2022-01-15 17:21:39 -0500
commit: 5e227133c16c1c9ff41a18a2b411a20afe81be6c (patch)
tree: 257946c41bd71e800be665f850d61a021066d6b2
parent: edd4fedc5427cf1cf1f4b045e53ff91eb282e9d4 (diff)
download: freetype2-5e227133c16c1c9ff41a18a2b411a20afe81be6c.tar.gz
1 files changed, 7 insertions, 4 deletions
diff --git a/src/pshinter/pshalgo.c b/src/pshinter/pshalgo.c
index d68426359..1616c43fb 100644
--- a/src/pshinter/pshalgo.c
+++ b/src/pshinter/pshalgo.c
@@ -2110,14 +2110,17 @@
       FT_Fixed  old_x_scale = x_scale;
       FT_Fixed  old_y_scale = y_scale;
 
-      FT_Fixed  scaled;
-      FT_Fixed  fitted;
+      FT_Fixed  scaled = 0;
+      FT_Fixed  fitted = 0;
 
       FT_Bool  rescale = FALSE;
 
 
-      scaled = FT_MulFix( globals->blues.normal_top.zones->org_ref, y_scale );
-      fitted = FT_PIX_ROUND( scaled );
+      if ( globals->blues.normal_top.count )
+      {
+        scaled = FT_MulFix( globals->blues.normal_top.zones->org_ref, y_scale );
+        fitted = FT_PIX_ROUND( scaled );
+      }
 
       if ( fitted != 0 && scaled != fitted )
       {
author	Ben Wagner <bungeman@chromium.org>	2022-01-15 17:08:18 -0500
committer	Ben Wagner <bungeman@chromium.org>	2022-01-15 17:21:39 -0500
commit	5e227133c16c1c9ff41a18a2b411a20afe81be6c (patch)
tree	257946c41bd71e800be665f850d61a021066d6b2
parent	edd4fedc5427cf1cf1f4b045e53ff91eb282e9d4 (diff)
download	freetype2-5e227133c16c1c9ff41a18a2b411a20afe81be6c.tar.gz