From 1c04eed76feffee0730d80c993e6dd602c335929 Mon Sep 17 00:00:00 2001 From: Werner Lemberg Date: Fri, 7 Sep 2018 06:40:55 +0200 Subject: [PATCH] [truetype] Fix assertion failure. Triggered by https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10212 * src/truetype/ttgload.c (load_truetype_glyph): Reintroduce `opened_frame' (removed in a change from 2018-08-26) to handle dealloation of the second frame. --- ChangeLog | 12 ++++++++++++ src/truetype/ttgload.c | 9 +++++++++ 2 files changed, 21 insertions(+)
diff --git a/ChangeLog b/ChangeLog
index 17cdac2ad..9f80602fe 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,15 @@
+2018-09-07 Werner Lemberg
+
+ [truetype] Fix assertion failure.
+
+ Triggered by
+
+ https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10212
+
+ * src/truetype/ttgload.c (load_truetype_glyph): Reintroduce
+ `opened_frame' (removed in a change from 2018-08-26) to handle
+ dealloation of the second frame.
+
 2018-09-05 Werner Lemberg Synchronize `ftdebug.c' files.
diff --git a/src/truetype/ttgload.c b/src/truetype/ttgload.c
index ad93c0418..d54626ddd 100644
--- a/src/truetype/ttgload.c
+++ b/src/truetype/ttgload.c
@@ -1537,6 +1537,8 @@ TT_Face face = loader->face; FT_GlyphLoader gloader = loader->gloader;
+ FT_Bool opened_frame = 0;
+
 #ifdef FT_CONFIG_OPTION_INCREMENTAL FT_StreamRec inc_stream; FT_Data glyph_data;
@@ -1768,6 +1770,8 @@ if ( error ) goto Exit;
+ opened_frame = 1;
+
 /* if it is a simple glyph, load it */ if ( loader->n_contours > 0 )
@@ -1778,6 +1782,7 @@ /* all data have been read */ face->forget_glyph_frame( loader );
+ opened_frame = 0;
 error = TT_Process_Simple_Glyph( loader ); if ( error )
@@ -1851,6 +1856,7 @@ /* all data we need are read */ face->forget_glyph_frame( loader );
+ opened_frame = 0;
 #ifdef TT_CONFIG_OPTION_GX_VAR_SUPPORT
@@ -2105,6 +2111,9 @@ Exit:
+ if ( opened_frame )
+ face->forget_glyph_frame( loader );
+
 #ifdef FT_CONFIG_OPTION_INCREMENTAL if ( glyph_data_loaded )
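Review bot: `opened_frame` is now a hand-maintained ownership flag for the frame opened just before `opened_frame = 1;` in the second ttgload.c hunk, and nothing at its declaration in the first hunk says so; any future `forget_glyph_frame` call added without the matching `opened_frame = 0;` (the third and fourth hunks show the two existing clears) would make the release at `Exit:` run a second time, which is the same double-release class of failure this commit fixes. I would document the invariant at the declaration: `/* nonzero while the glyph frame opened by access_glyph_frame is held; */` `/* clear it right after every forget_glyph_frame so that Exit does    */` `/* not release the frame a second time                                */`. The new release at `Exit:` in the last hunk is placed before the `FT_CONFIG_OPTION_INCREMENTAL` cleanup of `glyph_data`, which looks deliberate since the frame presumably refers to that data in the incremental path; a one-line comment there, `/* must precede the incremental glyph_data cleanup below */`, would keep that ordering from being lost in a later edit. load_truetype_glyph begins and ends outside these hunks, so the paths between `opened_frame = 1;` and the two clears could only be checked as far as the visible context shows.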