freetype-commit

[freetype2] master d38407f79: [truetype] Restore behavior of ft_var_load


From: Werner Lemberg
Subject: [freetype2] master d38407f79: [truetype] Restore behavior of ft_var_load_hvvar
Date: Wed, 9 Nov 2022 14:12:28 -0500 (EST)

branch: master
commit d38407f79ed554f256af896a9f8b12ad96fff7e5
Author: Ben Wagner <bungeman@chromium.org>
Commit: Ben Wagner <bungeman@chromium.org>

    [truetype] Restore behavior of ft_var_load_hvvar
    
    * src/truetype/ttgcvar.c (ft_var_load_hvvar): restore previous behavior
    
    In a previous change [0] the behavior of `ft_var_load_hvvar` was changed
    to not load the item variation store if it was at offset 0, but not
    return an error when this happened. This broke any users, like
    `tt_hvadvance_adjust`, that rely on successful completion of
    `ft_var_load_hvvar` to imply that the returned table's `itemStore` had been
    initialized. This led such users to dereference NULL.
    
    This change appears to have been unintentional and unrelated to the
    actual avar2 changes. As a result, fix these NULL dereferences by
    restoring the code to always attempt to initialize the `itemStore`.
    
    [0] ae4eb996 "[truetype] Add support for `avar` table 2.0 format."
    
    Reported as
    
      https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=53061
---
 src/truetype/ttgxvar.c | 15 ++++++---------
 1 file changed, 6 insertions(+), 9 deletions(-)

diff --git a/src/truetype/ttgxvar.c b/src/truetype/ttgxvar.c
index 663fb2e48..1bc8f9dee 100644
--- a/src/truetype/ttgxvar.c
+++ b/src/truetype/ttgxvar.c
@@ -929,15 +929,12 @@
       table = blend->hvar_table;
     }
 
-    if ( store_offset )
-    {
-      error = tt_var_load_item_variation_store(
-                face,
-                table_offset + store_offset,
-                &table->itemStore );
-      if ( error )
-        goto Exit;
-    }
+    error = tt_var_load_item_variation_store(
+              face,
+              table_offset + store_offset,
+              &table->itemStore );
+    if ( error )
+      goto Exit;
 
     if ( widthMap_offset )
     {
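Review bot: The now-unconditional call at `table_offset + store_offset` means a `store_offset` of 0 points the loader at the start of the table itself, so correctness here depends on `tt_var_load_item_variation_store` failing on that input rather than on an explicit check at this site. Consider rejecting the zero offset directly before the call, for example `if ( !store_offset ) { error = FT_THROW( Invalid_Table ); goto Exit; }`, so that the invariant described in the commit message (success implies `itemStore` is initialized) is enforced where it is relied on. A short comment stating that invariant would also explain why this load is not guarded the way `if ( widthMap_offset )` is just below.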


