* src/truetype/ttinterp.c (Ins_GETVARIATION): Avoid NULL reference.

Reported as https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5736
author: Werner Lemberg <wl@gnu.org> 2018-01-27 14:43:43 +0100
committer: Werner Lemberg <wl@gnu.org> 2018-01-27 14:43:43 +0100
commit: 29c759284e305ec428703c9a5831d0b1fc3497ef (patch)
tree: 81256f7ad987a6c0264c5324ed5e09143d2df121
parent: f438e069723c1e7a7a226e05f677a5e17e346a67 (diff)
download: freetype-29c759284e305ec428703c9a5831d0b1fc3497ef.tar.gz
2 files changed, 18 insertions, 2 deletions
diff --git a/ChangeLog b/ChangeLog
index 15ef4ae31..fff4a4141 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,13 @@
 2018-01-27  Werner Lemberg  <wl@gnu.org>
 
+	* src/truetype/ttinterp.c (Ins_GETVARIATION): Avoid NULL reference.
+
+	Reported as
+
+	  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5736
+
+2018-01-27  Werner Lemberg  <wl@gnu.org>
+
 	* src/truetype/ttgxvar.c (tt_set_mm_blend): Minor.
 
 2018-01-27  Werner Lemberg  <wl@gnu.org>
diff --git a/src/truetype/ttinterp.c b/src/truetype/ttinterp.c
index d855aaaa9..551f14a2e 100644
--- a/src/truetype/ttinterp.c
+++ b/src/truetype/ttinterp.c
@@ -7532,8 +7532,16 @@
       return;
     }
 
-    for ( i = 0; i < num_axes; i++ )
-      args[i] = coords[i] >> 2; /* convert 16.16 to 2.14 format */
+    if ( coords )
+    {
+      for ( i = 0; i < num_axes; i++ )
+        args[i] = coords[i] >> 2; /* convert 16.16 to 2.14 format */
+    }
+    else
+    {
+      for ( i = 0; i < num_axes; i++ )
+        args[i] = 0;
+    }
   }
author	Werner Lemberg <wl@gnu.org>	2018-01-27 14:43:43 +0100
committer	Werner Lemberg <wl@gnu.org>	2018-01-27 14:43:43 +0100
commit	29c759284e305ec428703c9a5831d0b1fc3497ef (patch)
tree	81256f7ad987a6c0264c5324ed5e09143d2df121
parent	f438e069723c1e7a7a226e05f677a5e17e346a67 (diff)
download	freetype-29c759284e305ec428703c9a5831d0b1fc3497ef.tar.gz