shithub: freetype+ttf2subf


ref: 68dddcdcbe18a08d778026efc01b1369e35cbf6a
parent: 29c759284e305ec428703c9a5831d0b1fc3497ef
author: Werner Lemberg <wl@gnu.org>
date: Sat Jan 27 18:59:30 EST 2018

[truetype] Better protection against invalid VF data.

Reported as

  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5739

Bug introduced in commit 08cd62deedefe217f2ea50e392923ce8b5bc7ac7.

* src/truetype/ttgxvar.c (TT_Set_Var_Design): Always initialize
`normalizedcoords'.

--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,18 @@
 2018-01-27  Werner Lemberg  <wl@gnu.org>
 
+	[truetype] Better protection against invalid VF data.
+
+	Reported as
+
+	  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5739
+
+	Bug introduced in commit 08cd62deedefe217f2ea50e392923ce8b5bc7ac7.
+
+	* src/truetype/ttgxvar.c (TT_Set_Var_Design): Always initialize
+	`normalizedcoords'.
+
+2018-01-27  Werner Lemberg  <wl@gnu.org>
+
 	* src/truetype/ttinterp.c (Ins_GETVARIATION): Avoid NULL reference.
 
 	Reported as
--- a/src/truetype/ttgxvar.c
+++ b/src/truetype/ttgxvar.c
@@ -2821,8 +2821,9 @@
       }
     }
 
-    /* return value -1 indicates `no change' */
-    if ( !have_diff )
+    /* return value -1 indicates `no change';                      */
+    /* we can exit early if `normalizedcoords' is already computed */
+    if ( blend->normalizedcoords && !have_diff )
       return -1;
 
     if ( FT_NEW_ARRAY( normalized, mmvar->num_axis ) )
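Review bot: The new guard `if ( blend->normalizedcoords && !have_diff )` treats a non-NULL pointer as the only evidence that the normalized coordinates were already computed, and the comment does not say when the pointer can be NULL while `have_diff` is false. I would extend the comment along the lines of `/* normalizedcoords can still be NULL without a diff; fall through so it is always initialized */`, with the exact condition confirmed against the code that sets the pointer, which is outside this hunk. Since that case now falls through instead of returning -1, callers that use -1 to mean "no change" presumably see the ordinary return value on this path; it is worth confirming that is intended. As the report came from a fuzzer, a regression test built from the reported input would keep the always-initialized guarantee from regressing. The body of TT_Set_Var_Design starts and ends outside the hunk.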
--