[truetype] Reset localpoints when varying cvt.

When iterating over the cvt tuples and reading in the points it is necessary to set all of `localpoints`, `points`, and `point_count` in all cases. The existing code did not reset `localpoints` to `NULL` when there were no private point numbers. If the previous tuple did have private point numbers and set `localpoints` to `ALL_POINTS` this would not be cleared and the wrong branch would be taken later, leading to possible heap buffer overflow. * src/truetype/ttgxvar.c (tt_face_vary_cvt): Reset `localpoints` to `NULL` when it isn't valid. Fixes: https://crbug.com/1284742
2022-01-06 12:54:15 -05:00 · 2022-01-06 12:54:15 -05:00 · afb4ca0151
parent 2b672e7210
commit afb4ca0151
1 changed files with 1 additions and 0 deletions
--- a/src/truetype/ttgxvar.c
+++ b/src/truetype/ttgxvar.c
@ -3476,6 +3476,7 @@
      }
      else
      {
+        localpoints = NULL;
        points      = sharedpoints;
        point_count = spoint_count;
      }