From ec9e5114b1fc878d8e26611ceacd7b2a2400a73c Mon Sep 17 00:00:00 2001
From: Alexei Podtelezhnikov
Date: Fri, 23 Apr 2021 14:03:03 -0400
Subject: [PATCH] [cff,type1,type42] s/FT_ALLOC/FT_QALLOC/ for initialized buffers.
* src/cff/cffload.c (cff_index_get_pointers, cff_index_get_name): Do not zero out the buffer.
* src/cff/cffdrivr.c (cff_ps_get_font_info): Ditto.
* src/type1/t1load.c (parse_subrs, parse_charstrings, parse_blend_axis_types): Ditto.
* src/type1/t1parse.c (T1_New_Parser, T1_Get_Private_Dict): Ditto.
* src/type42/t42parse.c (t42_parser_init): Ditto.
---
 ChangeLog | 12 ++++++++++++
 src/cff/cffdrivr.c | 2 +-
 src/cff/cffload.c | 11 +++++------
 src/type1/t1load.c | 6 +++---
 src/type1/t1parse.c | 8 ++++----
 src/type42/t42parse.c | 2 +-
 6 files changed, 26 insertions(+), 15 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 60d5d84c7..81a43a836 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,15 @@
+2021-04-23 Alexei Podtelezhnikov
+
+ [cff,type1,type42] s/FT_ALLOC/FT_QALLOC/ for initialized buffers.
+
+ * src/cff/cffload.c (cff_index_get_pointers, cff_index_get_name):
+ Do not zero out the buffer.
+ * src/cff/cffdrivr.c (cff_ps_get_font_info): Ditto.
+ * src/type1/t1load.c (parse_subrs, parse_charstrings,
+ parse_blend_axis_types): Ditto.
+ * src/type1/t1parse.c (T1_New_Parser, T1_Get_Private_Dict): Ditto.
+ * src/type42/t42parse.c (t42_parser_init): Ditto.
+
 2021-04-23 Alexei Podtelezhnikov
 [cid] s/FT_ALLOC/FT_QALLOC/ and clean up.
diff --git a/src/cff/cffdrivr.c b/src/cff/cffdrivr.c
index 33d161a27..9bde3c7b7 100644
--- a/src/cff/cffdrivr.c
+++ b/src/cff/cffdrivr.c
@@ -478,7 +478,7 @@
 FT_Memory memory = face->root.memory;
- if ( FT_ALLOC( font_info, sizeof ( *font_info ) ) )
+ if ( FT_QALLOC( font_info, sizeof ( *font_info ) ) )
 goto Fail;
 font_info->version = cff_index_get_sid_string( cff,
diff --git a/src/cff/cffload.c b/src/cff/cffload.c
index d3c3323ee..210ada1be 100644
--- a/src/cff/cffload.c
+++ b/src/cff/cffload.c
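Review bot: In the src/cff/cffdrivr.c hunk (@@ -478), `font_info` is a struct rather than a byte buffer, so after the switch to `FT_QALLOC` any member that the assignments below do not set keeps stale heap contents. Only the first assignment (`font_info->version`) is visible here and the enclosing function continues outside the hunk, so the full member list could not be checked from this page. I would add a comment above the allocation such as `/* not zeroed: every member of *font_info must be assigned below */`, so that a field added to the record later is not silently left uninitialized.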
@@ -426,9 +426,9 @@
 new_size = idx->data_size + idx->count;
- if ( idx->count > 0 &&
- !FT_NEW_ARRAY( tbl, idx->count + 1 ) &&
- ( !pool || !FT_ALLOC( new_bytes, new_size ) ) )
+ if ( idx->count > 0 &&
+ !FT_NEW_ARRAY( tbl, idx->count + 1 ) &&
+ ( !pool || !FT_QALLOC( new_bytes, new_size ) ) )
 {
 FT_ULong n, cur_offset;
 FT_ULong extra = 0;
@@ -634,10 +634,9 @@
 if ( error )
 goto Exit;
- if ( !FT_ALLOC( name, byte_len + 1 ) )
+ if ( !FT_QALLOC( name, byte_len + 1 ) )
 {
- if ( byte_len )
- FT_MEM_COPY( name, bytes, byte_len );
+ FT_MEM_COPY( name, bytes, byte_len );
 name[byte_len] = 0;
 }
 cff_index_forget_element( idx, &bytes );
diff --git a/src/type1/t1load.c b/src/type1/t1load.c
index b9925aea9..fe6239f98 100644
--- a/src/type1/t1load.c
+++ b/src/type1/t1load.c
@@ -851,7 +851,7 @@
 FT_FREE( name );
 }
- if ( FT_ALLOC( blend->axis_names[n], len + 1 ) )
+ if ( FT_QALLOC( blend->axis_names[n], len + 1 ) )
 goto Exit;
 name = (FT_Byte*)blend->axis_names[n];
@@ -1858,7 +1858,7 @@
 }
 /* t1_decrypt() shouldn't write to base -- make temporary copy */
- if ( FT_ALLOC( temp, size ) )
+ if ( FT_QALLOC( temp, size ) )
 goto Fail;
 FT_MEM_COPY( temp, base, size );
 psaux->t1_decrypt( temp, size, 4330 );
@@ -2068,7 +2068,7 @@
 }
 /* t1_decrypt() shouldn't write to base -- make temporary copy */
- if ( FT_ALLOC( temp, size ) )
+ if ( FT_QALLOC( temp, size ) )
 goto Fail;
 FT_MEM_COPY( temp, base, size );
 psaux->t1_decrypt( temp, size, 4330 );
diff --git a/src/type1/t1parse.c b/src/type1/t1parse.c
index 5c529d3b4..9f226296a 100644
--- a/src/type1/t1parse.c
+++ b/src/type1/t1parse.c
@@ -221,7 +221,7 @@
 else
 {
 /* read segment in memory -- this is clumsy, but so does the format */
- if ( FT_ALLOC( parser->base_dict, size ) ||
+ if ( FT_QALLOC( parser->base_dict, size ) ||
 FT_STREAM_READ( parser->base_dict, size ) )
 goto Exit;
 parser->base_len = size;
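Review bot: In the @@ -426 hunk of src/cff/cffload.c, `new_bytes` is sized as `idx->data_size + idx->count` but is now handed out unzeroed, so it is fully initialized only if the copy loop that follows writes every one of those bytes. The loop body is outside the hunk; the `extra` counter among the visible declarations suggests that some elements may be adjusted or skipped, in which case the tail of the pool would hold stale heap data. Either confirm that nothing reads the pool beyond the last table pointer, or keep `FT_ALLOC` for this buffer; a comment such as `/* bytes past the last copied element are not initialized */` would at least record the assumption.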
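Review bot: In the @@ -634 hunk of src/cff/cffload.c, dropping the `if ( byte_len )` guard makes `FT_MEM_COPY( name, bytes, byte_len )` run for empty elements too. If `bytes` can be NULL when `byte_len` is 0 (the accessor that sets it is outside the hunk) and `FT_MEM_COPY` expands to memcpy, this is a copy from a null source, which is undefined behaviour in C even for a zero length and is reported by UBSan. The guard has nothing to do with zeroing the buffer, so I would keep it: `if ( byte_len )` followed by `FT_MEM_COPY( name, bytes, byte_len );`.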
@@ -302,8 +302,8 @@
 goto Fail;
 }
- if ( FT_STREAM_SEEK( start_pos ) ||
- FT_ALLOC( parser->private_dict, parser->private_len ) )
+ if ( FT_STREAM_SEEK( start_pos ) ||
+ FT_QALLOC( parser->private_dict, parser->private_len ) )
 goto Fail;
 parser->private_len = 0;
@@ -450,7 +450,7 @@
 if ( parser->in_memory )
 {
 /* note that we allocate one more byte to put a terminating `0' */
- if ( FT_ALLOC( parser->private_dict, size + 1 ) )
+ if ( FT_QALLOC( parser->private_dict, size + 1 ) )
 goto Fail;
 parser->private_len = size;
 }
diff --git a/src/type42/t42parse.c b/src/type42/t42parse.c
index e8e003a17..9cd9e6c67 100644
--- a/src/type42/t42parse.c
+++ b/src/type42/t42parse.c
@@ -197,7 +197,7 @@
 else
 {
 /* read segment in memory */
- if ( FT_ALLOC( parser->base_dict, size ) ||
+ if ( FT_QALLOC( parser->base_dict, size ) ||
 FT_STREAM_READ( parser->base_dict, size ) )
 goto Exit;
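Review bot: In the @@ -450 hunk of src/type1/t1parse.c, the comment says the extra byte exists to hold a terminating `0`, but with `FT_QALLOC` that byte is no longer zero after allocation. Unless every decoding path that follows (outside this hunk) stores the terminator itself, `parser->private_dict[size]` is left indeterminate. Writing it explicitly right after the allocation, `parser->private_dict[size] = '\0';`, keeps the comment true whichever path runs.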