Fix pointer underflow.

The declaration of `edge2' can be reached with `edge1 == NULL' and
`axis->edges == 0' which results in undefined behaviour.

* src/autofit/afloader.c (af_loader_load_glyph): Initialise `edge2'
after checking `axis->num_edges > 1'.  `edge1 != NULL' can be assumed.

ChangeLog

@@ -1,3 +1,13 @@
+2018-05-30  Armin Hasitzka  <prince.cherusker@gmail.com>
+
+	Fix pointer underflow.
+
+	The declaration of `edge2' can be reached with `edge1 == NULL' and
+	`axis->edges == 0' which results in undefined behaviour.
+
+	* src/autofit/afloader.c (af_loader_load_glyph): Initialise `edge2'
+	after checking `axis->num_edges > 1'.  `edge1 != NULL' can be assumed.
+
 2018-05-30  Werner Lemberg  <wl@gnu.org>
 
 	Various minor color fixes.

src/autofit/afloader.c

@@ -434,13 +434,14 @@
         FT_Pos  pp1x_uh, pp2x_uh;
 
         AF_AxisHints  axis  = &hints->axis[AF_DIMENSION_HORZ];
-        AF_Edge       edge1 = axis->edges;         /* leftmost edge  */
-        AF_Edge       edge2 = edge1 +
-                              axis->num_edges - 1; /* rightmost edge */
+        AF_Edge       edge1 = axis->edges; /* leftmost edge  */
+        AF_Edge       edge2;               /* rightmost edge */
 
 
         if ( axis->num_edges > 1 && AF_HINTS_DO_ADVANCE( hints ) )
         {
+          edge2 = edge1 + axis->num_edges - 1;
+
           old_rsb = loader->pp2.x - edge2->opos;
           /* loader->pp1.x is always zero at this point of time */
           old_lsb = edge1->opos /* - loader->pp1.x */;