[autofit] Avoid potential SEGV if running out of memory.

Problem reported by Shailesh Mistry <shailesh.mistry@hotmail.co.uk>.

* src/autofit/afshaper.c (af_shaper_buf_create,
af_shaper_buf_destroy) [!FT_CONFIG_OPTION_USE_HARFBUZZ]: Don't
allocate and free a four-byte buffer.  Instead, make those functions
no-ops; the calling functions will provide a pointer to a buffer
instead.

* src/autofit/afcjk.c (af_cjk_metrics_init_widths,
af_cjk_metrics_init_blues, af_cjk_metrics_check_digits),
src/autofit/aflatin.c (af_latin_metrics_init_widths,
af_latin_metrics_init_blues, af_latin_metrics_check_digits)
[!FT_CONFIG_OPTION_USE_HARFBUZZ]: Use pointer to local variable for
`shaper_buf'.

ChangeLog

@@ -1,10 +1,29 @@
+2018-05-08  Werner Lemberg  <wl@gnu.org>
+
+	[autofit] Avoid potential SEGV if running out of memory.
+
+	Problem reported by Shailesh Mistry <shailesh.mistry@hotmail.co.uk>.
+
+	* src/autofit/afshaper.c (af_shaper_buf_create,
+	af_shaper_buf_destroy) [!FT_CONFIG_OPTION_USE_HARFBUZZ]: Don't
+	allocate and free a four-byte buffer.  Instead, make those functions
+	no-ops; the calling functions will provide a pointer to a buffer
+	instead.
+
+	* src/autofit/afcjk.c (af_cjk_metrics_init_widths,
+	af_cjk_metrics_init_blues, af_cjk_metrics_check_digits),
+	src/autofit/aflatin.c (af_latin_metrics_init_widths,
+	af_latin_metrics_init_blues, af_latin_metrics_check_digits)
+	[!FT_CONFIG_OPTION_USE_HARFBUZZ]: Use pointer to local variable for
+	`shaper_buf'.
+
 2018-05-07  Nikolaus Waxweiler  <madigens@gmail.com>
 
-	CMake: Allow using project as subfolder in other project
+	[cmake] Allow using project as subfolder in other project.
 
-	* CMakeLists.txt: Test for CMake build directory being diffent from source
+	* CMakeLists.txt: Test for CMake build directory being different
-	directory. Provide other parts of the build system access the full include
+	from source directory.  Provide other parts of the build system
-	directory.
+	access the full include directory.
 
 2018-05-07  Werner Lemberg  <wl@gnu.org>
 
@@ -24,6 +43,7 @@
 2018-05-04  suzuki toshiya  <mpsuzuki@hiroshima-u.ac.jp>
 
 	Support symbol visibility features of Sun / Oracle C compilers.
+
 	Reported by Kiyoshi Kanazawa:
 	https://lists.gnu.org/archive/html/freetype-devel/2018-05/msg00008.html
 	Thanks to the suggestions by Alexei and Alan Coopersmith.
@@ -44,7 +64,6 @@
 
 	* CMakeLists.txt: Generate ftconfig.h on non-UNIX.
 
-
 2018-05-02  Werner Lemberg  <wl@gnu.org>
 
 	Remove FT_CONFIG_OPTION_PIC and related code.

src/autofit/afcjk.c

@@ -94,15 +94,26 @@
       AF_StyleClass   style_class  = metrics->root.style_class;
       AF_ScriptClass  script_class = af_script_classes[style_class->script];
 
-      void*        shaper_buf;
+      /* If HarfBuzz is not available, we need a pointer to a single */
+      /* unsigned long value.                                        */
+#ifdef FT_CONFIG_OPTION_USE_HARFBUZZ
+      void*     shaper_buf;
+#else
+      FT_ULong  shaper_buf_;
+      void*     shaper_buf = &shaper_buf_;
+#endif
+
       const char*  p;
 
 #ifdef FT_DEBUG_LEVEL_TRACE
       FT_ULong  ch = 0;
 #endif
 
-      p          = script_class->standard_charstring;
+      p = script_class->standard_charstring;
+
+#ifdef FT_CONFIG_OPTION_USE_HARFBUZZ
       shaper_buf = af_shaper_buf_create( face );
+#endif
 
       /* We check a list of standard characters.  The first match wins. */
 
@@ -290,7 +301,14 @@
     AF_Blue_Stringset         bss = sc->blue_stringset;
     const AF_Blue_StringRec*  bs  = &af_blue_stringsets[bss];
 
-    void*  shaper_buf;
+    /* If HarfBuzz is not available, we need a pointer to a single */
+    /* unsigned long value.                                        */
+#ifdef FT_CONFIG_OPTION_USE_HARFBUZZ
+    void*     shaper_buf;
+#else
+    FT_ULong  shaper_buf_;
+    void*     shaper_buf = &shaper_buf_;
+#endif
 
 
     /* we walk over the blue character strings as specified in the   */
@@ -301,7 +319,9 @@
                 "==========================\n"
                 "\n" ));
 
+#ifdef FT_CONFIG_OPTION_USE_HARFBUZZ
     shaper_buf = af_shaper_buf_create( face );
+#endif
 
     for ( ; bs->string != AF_BLUE_STRING_MAX; bs++ )
     {
@@ -559,15 +579,25 @@
     FT_Bool   started = 0, same_width = 1;
     FT_Fixed  advance = 0, old_advance = 0;
 
-    void*  shaper_buf;
+    /* If HarfBuzz is not available, we need a pointer to a single */
+    /* unsigned long value.                                        */
+#ifdef FT_CONFIG_OPTION_USE_HARFBUZZ
+    void*     shaper_buf;
+#else
+    FT_ULong  shaper_buf_;
+    void*     shaper_buf = &shaper_buf_;
+#endif
 
     /* in all supported charmaps, digits have character codes 0x30-0x39 */
     const char   digits[] = "0 1 2 3 4 5 6 7 8 9";
     const char*  p;
 
 
-    p          = digits;
+    p = digits;
+
+#ifdef FT_CONFIG_OPTION_USE_HARFBUZZ
     shaper_buf = af_shaper_buf_create( face );
+#endif
 
     while ( *p )
     {

src/autofit/aflatin.c

@@ -85,16 +85,27 @@
       AF_StyleClass   style_class  = metrics->root.style_class;
       AF_ScriptClass  script_class = af_script_classes[style_class->script];
 
-      void*        shaper_buf;
+      /* If HarfBuzz is not available, we need a pointer to a single */
+      /* unsigned long value.                                        */
+#ifdef FT_CONFIG_OPTION_USE_HARFBUZZ
+      void*     shaper_buf;
+#else
+      FT_ULong  shaper_buf_;
+      void*     shaper_buf = &shaper_buf_;
+#endif
+
       const char*  p;
 
 #ifdef FT_DEBUG_LEVEL_TRACE
       FT_ULong  ch = 0;
 #endif
 
-      p          = script_class->standard_charstring;
-      shaper_buf = af_shaper_buf_create( face );
 
+      p = script_class->standard_charstring;
+
+#ifdef FT_CONFIG_OPTION_USE_HARFBUZZ
+      shaper_buf = af_shaper_buf_create( face );
+#endif
       /*
        * We check a list of standard characters to catch features like
        * `c2sc' (small caps from caps) that don't contain lowercase letters
@@ -323,7 +334,14 @@
 
     FT_Pos  flat_threshold = FLAT_THRESHOLD( metrics->units_per_em );
 
-    void*  shaper_buf;
+    /* If HarfBuzz is not available, we need a pointer to a single */
+    /* unsigned long value.                                        */
+#ifdef FT_CONFIG_OPTION_USE_HARFBUZZ
+    void*     shaper_buf;
+#else
+    FT_ULong  shaper_buf_;
+    void*     shaper_buf = &shaper_buf_;
+#endif
 
 
     /* we walk over the blue character strings as specified in the */
@@ -333,7 +351,9 @@
                 "============================\n"
                 "\n" ));
 
+#ifdef FT_CONFIG_OPTION_USE_HARFBUZZ
     shaper_buf = af_shaper_buf_create( face );
+#endif
 
     for ( ; bs->string != AF_BLUE_STRING_MAX; bs++ )
     {
@@ -1030,15 +1050,25 @@
     FT_Bool   started = 0, same_width = 1;
     FT_Fixed  advance = 0, old_advance = 0;
 
-    void*  shaper_buf;
+    /* If HarfBuzz is not available, we need a pointer to a single */
+    /* unsigned long value.                                        */
+#ifdef FT_CONFIG_OPTION_USE_HARFBUZZ
+    void*     shaper_buf;
+#else
+    FT_ULong  shaper_buf_;
+    void*     shaper_buf = &shaper_buf_;
+#endif
 
     /* in all supported charmaps, digits have character codes 0x30-0x39 */
     const char   digits[] = "0 1 2 3 4 5 6 7 8 9";
     const char*  p;
 
 
-    p          = digits;
+    p = digits;
+
+#ifdef FT_CONFIG_OPTION_USE_HARFBUZZ
     shaper_buf = af_shaper_buf_create( face );
+#endif
 
     while ( *p )
     {

src/autofit/afshaper.c

@@ -591,14 +591,9 @@
   void*
   af_shaper_buf_create( FT_Face  face )
   {
-    FT_Error   error;
+    FT_UNUSED( face );
-    FT_Memory  memory = face->memory;
-    FT_ULong*  buf;
 
-
+    return NULL;
-    FT_MEM_ALLOC( buf, sizeof ( FT_ULong ) );
-
-    return (void*)buf;
   }
 
 
@@ -606,10 +601,8 @@
   af_shaper_buf_destroy( FT_Face  face,
                          void*    buf )
   {
-    FT_Memory  memory = face->memory;
+    FT_UNUSED( face );
-
+    FT_UNUSED( buf );
-
-    FT_FREE( buf );
   }