From 37b718d5899bc4a85425fcc548a7636871808f96 Mon Sep 17 00:00:00 2001
From: Chris Liddell
Date: Mon, 15 Aug 2022 10:44:05 +0100
Subject: [PATCH] [base, type1] Better handling of out-of-memory situations.

This follows similar code in `cff_slot_done`.

* src/base/ftobjs.c (ft_glyphslot_done), src/type1/t1objs.c (T1_GlyphSlot_Done): Check `internal` pointer.

The Type1 problems was reported as
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50057.
---
 src/base/ftobjs.c | 5 +++--
 src/type1/t1objs.c | 4 +++-
 2 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/src/base/ftobjs.c b/src/base/ftobjs.c
index 6d6e0e80a..65945cbeb 100644
--- a/src/base/ftobjs.c
+++ b/src/base/ftobjs.c
@@ -631,8 +631,9 @@
 #ifdef FT_CONFIG_OPTION_SVG
     if ( slot->face->face_flags & FT_FACE_FLAG_SVG )
     {
-      /* free memory in case SVG was there */
-      if ( slot->internal->flags & FT_GLYPH_OWN_GZIP_SVG )
+      /* Free memory in case SVG was there. */
+      /* `slot->internal` might be NULL in out-of-memory situations. */
+      if ( slot->internal && slot->internal->flags & FT_GLYPH_OWN_GZIP_SVG )
       {
         FT_SVG_Document doc = (FT_SVG_Document)slot->other;

diff --git a/src/type1/t1objs.c b/src/type1/t1objs.c
index 847ae0e64..fa4a13b53 100644
--- a/src/type1/t1objs.c
+++ b/src/type1/t1objs.c
@@ -146,7 +146,9 @@
   FT_LOCAL_DEF( void )
   T1_GlyphSlot_Done( FT_GlyphSlot slot )
   {
-    slot->internal->glyph_hints = NULL;
+    /* `slot->internal` might be NULL in out-of-memory situations. */
+    if ( slot->internal )
+      slot->internal->glyph_hints = NULL;
   }
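Review bot: The new condition in ftobjs.c mixes `&&` and bitwise `&` without parentheses; it parses as intended because `&` binds tighter, but the bare form invites a misreading (and some warning levels flag it), so `if ( slot->internal && ( slot->internal->flags & FT_GLYPH_OWN_GZIP_SVG ) )` would make the precedence explicit. The guarded block then reads `slot->other`, and the change relies on `slot->other` never owning an SVG document while `slot->internal` is still NULL; that looks true for a slot whose allocation failed part-way, but it is inferred rather than visible here and is worth a sentence in the comment. `ft_glyphslot_done` starts before and continues after this hunk, so any other `slot->internal->` dereference in the unseen remainder of the function would need the same NULL check to make the out-of-memory path fully safe; the t1objs.c hunk applies the same guard pattern and is covered by the same remark.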
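Review bot: The comment added to `T1_GlyphSlot_Done` states that `slot->internal` may be NULL but not why a driver hook can be invoked on such a slot, which is the contract a future maintainer needs in order not to "simplify" the guard away. Presumably the slot-done hook runs during error unwinding of a slot whose `internal` allocation failed, as the commit message's reference to `cff_slot_done` suggests; if that is the case, say so, e.g. `/* `slot->internal` might be NULL in out-of-memory situations, */` / `/* since the slot can be torn down before it is fully built   */` / `/* (see oss-fuzz issue 50057).                                 */`. The function is complete within the hunk, so no other access needs guarding here.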