author | Ben Wagner <bungeman@chromium.org> | 2022-11-07 15:11:37 -0500 |
---|---|---|
committer | Ben Wagner <bungeman@chromium.org> | 2022-11-09 19:02:22 +0000 |
commit | d38407f79ed554f256af896a9f8b12ad96fff7e5 (patch) | |
tree | 8e71f021cda70ef3188c540e1c4ab0d498f5e66e | |
parent | 978fdb292a2fda55157cb39525ccddc98c3e1d44 (diff) | |
download | freetype2-d38407f79ed554f256af896a9f8b12ad96fff7e5.tar.gz |

[truetype] Restore behavior of ft_var_load_hvvar

* src/truetype/ttgxvar.c (ft_var_load_hvvar): restore previous behavior

In a previous change [0] the behavior of `ft_var_load_hvvar` was changed
to not load the item variation store if it was at offset 0, but not
return an error when this happened. This broke any users, like
`tt_hvadvance_adjust`, that rely on successful completion of
`ft_var_load_hvvar` to imply that the returned table's `itemStore` had been
initialized. This led such users to dereference NULL.

This change appears to have been unintentional and unrelated to the
actual avar2 changes. As a result, fix these NULL dereferences by
restoring the code to always attempt to initialize the `itemStore`.

[0] ae4eb996 "[truetype] Add support for `avar` table 2.0 format."

Reported as
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=53061

-rw-r--r-- | src/truetype/ttgxvar.c | 15 |
1 files changed, 6 insertions, 9 deletions
diff --git a/src/truetype/ttgxvar.c b/src/truetype/ttgxvar.c index 663fb2e48..1bc8f9dee 100644 --- a/src/truetype/ttgxvar.c +++ b/src/truetype/ttgxvar.c @@ -929,15 +929,12 @@ table = blend->hvar_table; } - if ( store_offset ) - { - error = tt_var_load_item_variation_store( - face, - table_offset + store_offset, - &table->itemStore ); - if ( error ) - goto Exit; - } + error = tt_var_load_item_variation_store( + face, + table_offset + store_offset, + &table->itemStore ); + if ( error ) + goto Exit; if ( widthMap_offset ) { |
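
Review bot: With the `if ( store_offset )` guard gone, a `store_offset` of 0 now makes `tt_var_load_item_variation_store` parse from `table_offset` itself, so a clean failure depends on that loader rejecting whatever bytes sit at the start of the table. Consider making the case explicit: reject `store_offset == 0` with an invalid-table error and `goto Exit` before the call, which keeps the invariant the commit message describes (success implies `table->itemStore` is initialized) without relying on the loader's own validation. A short comment above the call noting that callers such as `tt_hvadvance_adjust` depend on this invariant would also help keep the guard from being reintroduced.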