[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[freetype2] master afb4ca015: [truetype] Reset localpoints when varying
|
From: |
Werner Lemberg |
|
Subject: |
[freetype2] master afb4ca015: [truetype] Reset localpoints when varying cvt. |
|
Date: |
Thu, 6 Jan 2022 13:15:06 -0500 (EST) |
branch: master
commit afb4ca0151959a8bedfb39a9a9140504168be7ea
Author: Ben Wagner <bungeman@chromium.org>
Commit: Werner Lemberg <wl@gnu.org>
[truetype] Reset localpoints when varying cvt.
When iterating over the cvt tuples and reading in the points it is necessary
to set all of `localpoints`, `points`, and `point_count` in all cases. The
existing code did not reset `localpoints` to `NULL` when there were no
private point numbers. If the previous tuple did have private point numbers
and set `localpoints` to `ALL_POINTS` this would not be cleared and the
wrong branch would be taken later, leading to possible heap buffer overflow.
* src/truetype/ttgxvar.c (tt_face_vary_cvt): Reset `localpoints` to `NULL`
when it isn't valid.
Fixes: https://crbug.com/1284742
---
src/truetype/ttgxvar.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/truetype/ttgxvar.c b/src/truetype/ttgxvar.c
index 7f2db0cbd..55ff152e7 100644
--- a/src/truetype/ttgxvar.c
+++ b/src/truetype/ttgxvar.c
@@ -3476,6 +3476,7 @@
}
else
{
+ localpoints = NULL;
points = sharedpoints;
point_count = spoint_count;
}
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [freetype2] master afb4ca015: [truetype] Reset localpoints when varying cvt.,
Werner Lemberg <=