author | Ben Wagner <bungeman@chromium.org> | 2022-11-07 16:58:56 -0500 |
---|---|---|
committer | Ben Wagner <bungeman@chromium.org> | 2022-11-09 19:15:26 +0000 |
commit | 9154707f6bc9592e0761376d3bf00ffc00275781 (patch) | |
tree | 1851bf640ba7c5fa49f46ac586edb493403ffbd3 /src | |
parent | d38407f79ed554f256af896a9f8b12ad96fff7e5 (diff) | |
download | freetype2-9154707f6bc9592e0761376d3bf00ffc00275781.tar.gz |
[truetype] Check avar_segment before access
* src/truetype/ttgxvar.c (tt_done_blend): check `avar_segment` before
accessing to free its `correspondence`.
Reported as:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=53062
Diffstat (limited to 'src')
-rw-r--r-- | src/truetype/ttgxvar.c | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/src/truetype/ttgxvar.c b/src/truetype/ttgxvar.c index 1bc8f9dee..71ff20e35 100644 --- a/src/truetype/ttgxvar.c +++ b/src/truetype/ttgxvar.c @@ -4500,9 +4500,12 @@ if ( blend->avar_table ) { - for ( i = 0; i < num_axes; i++ ) - FT_FREE( blend->avar_table->avar_segment[i].correspondence ); - FT_FREE( blend->avar_table->avar_segment ); + if ( blend->avar_table->avar_segment ) + { + for ( i = 0; i < num_axes; i++ ) + FT_FREE( blend->avar_table->avar_segment[i].correspondence ); + FT_FREE( blend->avar_table->avar_segment ); + } tt_var_done_item_variation_store( face, &blend->avar_table->itemStore ); |
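Review bot: the new `if ( blend->avar_table->avar_segment )` guard in `tt_done_blend` has no comment saying when `avar_segment` can be NULL while `avar_table` is set. A one-line note above the check (for example, that the table may be only partially loaded when this cleanup runs) would keep a later refactor from dropping it. The inner loop still runs to `num_axes` and indexes `avar_segment[i].correspondence`; this hunk does not show how the array was sized, so it is worth confirming that every path which sets `avar_segment` allocates exactly `num_axes` entries and leaves unused `correspondence` pointers NULL, otherwise the same cleanup path can still touch invalid memory with the guard in place.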