forked from minhngoc25a/freetype2
* src/truetype/ttgxvar.c (tt_set_mm_blend): Test `coords`.
It is undefined behavior to pass `NULL` to `memcpy`. `coords` is passed to `memcpy` but `TT_Get_MM_Blend` and `TT_Get_Var_Design` explicitly call `tt_set_mm_blend` with `coords` as `NULL`. In addition, `TT_Set_MM_Blend` has a similar possible issue.
This commit is contained in:
parent
286da6c528
commit
d3dc2da9b2
|
@ -1,3 +1,12 @@
|
||||||
|
2021-07-01 Ben Wagner <bungeman@chromium.org>
|
||||||
|
|
||||||
|
* src/truetype/ttgxvar.c (tt_set_mm_blend): Test `coords`.
|
||||||
|
|
||||||
|
It is undefined behavior to pass `NULL` to `memcpy`. `coords' is
|
||||||
|
passed to `memcpy` but `TT_Get_MM_Blend` and `TT_Get_Var_Design`
|
||||||
|
explictly call `tt_set_mm_blend` with `coords` as `NULL`. In
|
||||||
|
addition, `TT_Set_MM_Blend` has a similar possible issue.
|
||||||
|
|
||||||
2021-06-30 Dominik Röttsches <drott@chromium.org>
|
2021-06-30 Dominik Röttsches <drott@chromium.org>
|
||||||
|
|
||||||
[sfnt] Support PaintScale in 'COLR' v1 parsing.
|
[sfnt] Support PaintScale in 'COLR' v1 parsing.
|
||||||
|
|
|
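Review bot: The new ChangeLog entry has two text slips in its body: the second sentence opens the identifier with a backtick and closes it with an apostrophe (`coords'), and "explictly" should be "explicitly". The entry header also names only `tt_set_mm_blend`, while the body says `TT_Set_MM_Blend` "has a similar possible issue"; if that function is changed as well, list it in the header line, and if it is not, say that it is left for a follow-up so the entry does not read as though both were fixed.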
@ -2663,9 +2663,10 @@
|
||||||
}
|
}
|
||||||
|
|
||||||
blend->num_axis = mmvar->num_axis;
|
blend->num_axis = mmvar->num_axis;
|
||||||
FT_MEM_COPY( blend->normalizedcoords,
|
if ( coords )
|
||||||
coords,
|
FT_MEM_COPY( blend->normalizedcoords,
|
||||||
num_coords * sizeof ( FT_Fixed ) );
|
coords,
|
||||||
|
num_coords * sizeof ( FT_Fixed ) );
|
||||||
|
|
||||||
if ( set_design_coords )
|
if ( set_design_coords )
|
||||||
ft_var_to_design( face,
|
ft_var_to_design( face,
|
||||||
|
|
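Review bot: The new `if ( coords )` guard in front of `FT_MEM_COPY` makes the NULL path skip the copy without saying so, and the `if ( set_design_coords )` block right after it still runs in that case. A short comment above the guard would help, stating that a NULL `coords` means "keep whatever is already in `blend->normalizedcoords`" and that the callers named in the commit message rely on this. It is also worth checking that `num_coords` is zero whenever `coords` is NULL, since code outside the lines shown here may still use `num_coords` as a count of valid entries.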