freetype2/src
Ben Wagner 262b47ac5a [truetype] Keep variation store consistent.
`tt_var_load_item_variation_store` fills out a `GX_ItemVarStore`.  While it
may return an error, the item store must be left in a consistent state so
that any use or destruction of the item store can properly use or free the
data in it.  Before this change the counts from the font data were read
directly into the item store before the actual allocation of the arrays to
which they referred.  There exist many opportunities between the time the
counts are read and the arrays are allocated to return early due to invalid
data.  When this happened the item store claimed to have entries it actually
did not, leading to crashes later when it was used.

Fixes: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=54449

* src/truetype/ttgxvar.c (tt_var_load_item_variation_store): Read the counts
into local variables and store them in the item store only after the related
arrays are actually created on the item store.
2023-01-06 07:11:41 +01:00
autofit * src/autofit/afloader.c (af_loader_load_glyph): Remove `size` check. 2022-11-20 22:37:08 -05:00
base [base] Report used stream's external status. 2023-01-05 22:05:02 +01:00
bdf [bdf, pfr, psnames] Accelerate charmap searches. 2022-11-06 13:12:47 -05:00
bzip2 Whitespace. 2022-04-01 08:50:33 +02:00
cache * src/cache/ftccmap.c (FTC_CMapCache_Lookup): Avoid `FT_Set_Charmap`. 2022-10-03 17:13:30 +00:00
cff [cff, truetype] Simplify SVG metrics scaling. 2022-10-21 12:14:52 +00:00
cid Update all copyright notices. 2022-01-11 10:54:10 +01:00
dlg Update all copyright notices. 2022-01-11 10:54:10 +01:00
gxvalid Whitespace. 2022-04-01 08:50:33 +02:00
gzip [gzip] Make static compilation not leak global symbols. 2022-12-14 10:44:03 +01:00
lzw * src/lzw/ftzopen.c (ft_lzwstate_stack_grow): Cosmetic macro change. 2022-06-11 23:47:19 -04:00
otvalid * src/otvalid/otvgsub.c (otv_SingleSubst_validate): Fix format 1 handling. 2022-09-15 09:14:06 +02:00
pcf Comments added. 2022-11-18 14:03:19 +00:00
pfr * src/pfr/pfrsbit.c (pfr_lookup_bitmap_data): Accelerate the search. 2022-11-07 21:36:32 -05:00
psaux [psaux] Delay the upem validity assertion. 2022-12-20 16:38:39 +00:00
pshinter Fix clang++ warnings. 2022-03-31 07:49:35 +02:00
psnames [bdf, pfr, psnames] Accelerate charmap searches. 2022-11-06 13:12:47 -05:00
raster Whitespace. 2022-04-01 08:50:33 +02:00
sdf [sdf, sfnt] Handle minor compiler warnings. 2022-12-13 09:53:26 +01:00
sfnt [sfnt] Fix color stop bounds check calculation at table end. 2023-01-05 09:35:32 +01:00
smooth [smooth] Fix GCC LTO crashes on Windows. 2022-06-10 11:34:56 -04:00
svg * src/svg/ftsvg.c (ft_svg_property_set): Disallow NULL pointers. 2022-01-23 19:05:15 +01:00
tools * src/tools/*.py: Migrate to Python 3. 2022-09-28 22:35:49 -04:00
truetype [truetype] Keep variation store consistent. 2023-01-06 07:11:41 +01:00
type1 * src/type1/t1afm.c (T1_Read_PFM): Set charmaps directly. 2022-10-03 19:18:48 -04:00
type42 Whitespace. 2022-04-01 08:50:33 +02:00
winfonts Whitespace. 2022-04-01 08:50:33 +02:00