rgraves
/
freetype2
forked from minhngoc25a/freetype2
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

* src/truetype/ttgxvar.c (tt_set_mm_blend): Test `coords`. 

It is undefined behavior to pass `NULL` to `memcpy`.  `coords' is
passed to `memcpy` but `TT_Get_MM_Blend` and `TT_Get_Var_Design`
explictly call `tt_set_mm_blend` with `coords` as `NULL`.  In
addition, `TT_Set_MM_Blend` has a similar possible issue.
This commit is contained in:
Ben Wagner 2021-06-30 18:22:29 -04:00 committed by Werner Lemberg
parent 286da6c528
commit d3dc2da9b2
2 changed files with 13 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
ChangeLog
View File

@ -1,3 +1,12 @@
2021-07-01 Ben Wagner <bungeman@chromium.org>
* src/truetype/ttgxvar.c (tt_set_mm_blend): Test `coords`.
It is undefined behavior to pass `NULL` to `memcpy`. `coords' is
passed to `memcpy` but `TT_Get_MM_Blend` and `TT_Get_Var_Design`
explictly call `tt_set_mm_blend` with `coords` as `NULL`. In
addition, `TT_Set_MM_Blend` has a similar possible issue.
2021-06-30 Dominik Röttsches <drott@chromium.org>
[sfnt] Support PaintScale in 'COLR' v1 parsing.

7
src/truetype/ttgxvar.c
View File

@ -2663,9 +2663,10 @@
}
blend->num_axis = mmvar->num_axis;
FT_MEM_COPY( blend->normalizedcoords,
coords,
num_coords * sizeof ( FT_Fixed ) );
if ( coords )
FT_MEM_COPY( blend->normalizedcoords,
coords,
num_coords * sizeof ( FT_Fixed ) );
if ( set_design_coords )
ft_var_to_design( face,