From a4434747558d872c55e55ce428019a8e15d222dc Mon Sep 17 00:00:00 2001
From: Sebastian Rasmussen
Date: Sat, 20 Jun 2020 05:31:34 +0200
Subject: [PATCH] [cff] Fix handling of `style_name == NULL' (#58630).
* src/cff/cffobjs.c (cff_face_init): If a call to `cff_strcpy' fails by returning NULL in `cff_face_init', `remove_style' is still called. This means that the NULL pointer is dereferenced, causing a crash.
---
 ChangeLog | 9 +++++++++
 src/cff/cffobjs.c | 3 ++-
 2 files changed, 11 insertions(+), 1 deletion(-)
diff --git a/ChangeLog b/ChangeLog
index 3473057b3..858c696bf 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,12 @@
+2020-06-20 Sebastian Rasmussen
+
+ [cff] Fix handling of `style_name == NULL' (#58630).
+
+ * src/cff/cffobjs.c (cff_face_init): If a call to `cff_strcpy' fails
+ by returning NULL in `cff_face_init', `remove_style' is still
+ called. This means that the NULL pointer is dereferenced, causing a
+ crash.
+
 2020-06-19 Sebastian Rasmussen
 [cff] Fix another two memory leaks (#58629).
diff --git a/src/cff/cffobjs.c b/src/cff/cffobjs.c
index 51430b2e3..d555d5235 100644
--- a/src/cff/cffobjs.c
+++ b/src/cff/cffobjs.c
@@ -950,7 +950,8 @@
 style_name = cff_strcpy( memory, fullp );
 /* remove the style part from the family name (if present) */
- remove_style( cffface->family_name, style_name );
+ if ( style_name )
+ remove_style( cffface->family_name, style_name );
 }
 break;
 }
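Review bot: The new `if ( style_name )` guard in cff_face_init stops the NULL dereference, but a NULL from `cff_strcpy` (presumably an allocation failure, given that the call is handed `memory`) is otherwise swallowed: face initialisation continues with the style part left in the family name and no error raised, which is inconsistent with how an out-of-memory condition would normally be reported. Consider whether this path should set an error and leave the function rather than silently continue, and in either case document the intent on the new line, e.g. `/* style_name is NULL when cff_strcpy failed; skip the rename instead of crashing */`. The enclosing cff_face_init begins and ends outside this hunk, so it cannot be seen here whether style_name is later stored into cffface or whether the caller checks it.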