[freetype2] master 68dddcd: [truetype] Better protection against invalid VF data.

[Werner LEMBERG]

branch: master
commit 68dddcdcbe18a08d778026efc01b1369e35cbf6a
Author: Werner Lemberg <address@hidden>
Commit: Werner Lemberg <address@hidden>

    [truetype] Better protection against invalid VF data.
    
    Reported as
    
      https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5739
    
    Bug introduced in commit 08cd62deedefe217f2ea50e392923ce8b5bc7ac7.
    
    * src/truetype/ttgxvar.c (TT_Set_Var_Design): Always initialize
    `normalizedcoords'.
---
 ChangeLog              | 13 +++++++++++++
 src/truetype/ttgxvar.c |  5 +++--
 2 files changed, 16 insertions(+), 2 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index fff4a41..0708e5e 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,18 @@
 2018-01-27  Werner Lemberg  <address@hidden>
 
+       [truetype] Better protection against invalid VF data.
+
+       Reported as
+
+         https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5739
+
+       Bug introduced in commit 08cd62deedefe217f2ea50e392923ce8b5bc7ac7.
+
+       * src/truetype/ttgxvar.c (TT_Set_Var_Design): Always initialize
+       `normalizedcoords'.
+
+2018-01-27  Werner Lemberg  <address@hidden>
+
        * src/truetype/ttinterp.c (Ins_GETVARIATION): Avoid NULL reference.
 
        Reported as
diff --git a/src/truetype/ttgxvar.c b/src/truetype/ttgxvar.c
index 615a693..a2bfc88 100644
--- a/src/truetype/ttgxvar.c
+++ b/src/truetype/ttgxvar.c
@@ -2821,8 +2821,9 @@
       }
     }
 
-    /* return value -1 indicates `no change' */
-    if ( !have_diff )
+    /* return value -1 indicates `no change';                      */
+    /* we can exit early if `normalizedcoords' is already computed */
+    if ( blend->normalizedcoords && !have_diff )
       return -1;
 
     if ( FT_NEW_ARRAY( normalized, mmvar->num_axis ) )