[truetype] Fix assertion failure.

Triggered by

  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10212

* src/truetype/ttgload.c (load_truetype_glyph): Reintroduce
`opened_frame' (removed in a change from 2018-08-26) to handle
dealloation of the second frame.
This commit is contained in:
Werner Lemberg 2018-09-07 06:40:55 +02:00
parent f8af8fba78
commit 1c04eed76f
2 changed files with 21 additions and 0 deletions
ChangeLog
src/truetype

View File

@ -1,3 +1,15 @@
2018-09-07 Werner Lemberg <wl@gnu.org>
[truetype] Fix assertion failure.
Triggered by
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10212
* src/truetype/ttgload.c (load_truetype_glyph): Reintroduce
`opened_frame' (removed in a change from 2018-08-26) to handle
dealloation of the second frame.
2018-09-05 Werner Lemberg <wl@gnu.org>
Synchronize `ftdebug.c' files.

View File

@ -1537,6 +1537,8 @@
TT_Face face = loader->face;
FT_GlyphLoader gloader = loader->gloader;
FT_Bool opened_frame = 0;
#ifdef FT_CONFIG_OPTION_INCREMENTAL
FT_StreamRec inc_stream;
FT_Data glyph_data;
@ -1768,6 +1770,8 @@
if ( error )
goto Exit;
opened_frame = 1;
/* if it is a simple glyph, load it */
if ( loader->n_contours > 0 )
@ -1778,6 +1782,7 @@
/* all data have been read */
face->forget_glyph_frame( loader );
opened_frame = 0;
error = TT_Process_Simple_Glyph( loader );
if ( error )
@ -1851,6 +1856,7 @@
/* all data we need are read */
face->forget_glyph_frame( loader );
opened_frame = 0;
#ifdef TT_CONFIG_OPTION_GX_VAR_SUPPORT
@ -2105,6 +2111,9 @@
Exit:
if ( opened_frame )
face->forget_glyph_frame( loader );
#ifdef FT_CONFIG_OPTION_INCREMENTAL
if ( glyph_data_loaded )