From 1f4e5bcb19eaa9170466c8d845edfd11aba54937 Mon Sep 17 00:00:00 2001
From: Werner Lemberg
Date: Thu, 3 Oct 2019 21:07:16 +0200
Subject: [PATCH] * src/sfnt/sfwoff2 (reconstruct_font): Fix reallocation.

Reported as https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=17966
---
 ChangeLog | 8 ++++++++
 src/sfnt/sfwoff2.c | 3 +++
 2 files changed, 11 insertions(+)

diff --git a/ChangeLog b/ChangeLog
index c65dcb855..1246f1659 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,11 @@
+2019-10-03 Werner Lemberg
+
+ * src/sfnt/sfwoff2 (reconstruct_font): Fix reallocation.
+
+ Reported as
+
+ https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=17966
+
 2019-10-01 Alexei Podtelezhnikov
 
 * src/base/ftstroke.c (ft_stroker_inside): Speed up.
diff --git a/src/sfnt/sfwoff2.c b/src/sfnt/sfwoff2.c
index 3f5b00ee7..32a797b79 100644
--- a/src/sfnt/sfwoff2.c
+++ b/src/sfnt/sfwoff2.c
@@ -1706,6 +1706,9 @@
 if ( !error )
 error = FT_THROW( Invalid_Table );
 
+ /* Set pointer of sfnt stream to its correct value. */
+ *sfnt_bytes = sfnt;
+
 FT_FREE( table_entry );
 FT_Stream_Close( stream );
 FT_FREE( stream );
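Review bot: The write-back `*sfnt_bytes = sfnt;` sits on the common exit path just before the FT_FREE calls, so it only repairs the caller's pointer if every earlier failure in reconstruct_font falls through to this line rather than returning directly; the function begins well outside the hunk, so that cannot be confirmed here and is worth checking. The added comment says what the line does but not why it matters: presumably `sfnt` was reallocated earlier in the function (the subject says "Fix reallocation"), after which the caller's stale copy would point at freed memory and its own FT_FREE would become a double free. I would replace the comment with `/* sfnt may have been reallocated above; hand the current buffer back so the caller frees the right one, even on error. */` and add a line to the function's header comment stating that *sfnt_bytes is caller-owned and is always updated before return.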