* src/cff/cffload.c (cff_load_private_dict): Always init `blend'.

Reported as https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=295
8 years ago · 50ff6c1eab
parent df2cf43e94
commit 50ff6c1eab
2 changed files with 13 additions and 4 deletions
--- a/8
+++ b/8
@ -1,3 +1,11 @@
+2016-12-17  Werner Lemberg  <wl@gnu.org>
+
+	* src/cff/cffload.c (cff_load_private_dict): Always init `blend'.
+
+	Reported as
+
+	  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=295
+
 2016-12-16  Werner Lemberg  <wl@gnu.org>

 	[truetype] Fix `cvar' sanity test.
--- a/src/cff/cffload.c
+++ b/src/cff/cffload.c
@ -1843,13 +1843,14 @@
    FT_UInt          stackSize;


-    if ( !top->private_offset || !top->private_size )
-      goto Exit2;       /* no private DICT, do nothing */
-
-    /* store handle needed to access memory, vstore for blend */
+    /* store handle needed to access memory, vstore for blend;    */
+    /* we need this for clean-up even if there is no private DICT */
    subfont->blend.font   = font;
    subfont->blend.usedBV = FALSE;  /* clear state */

+    if ( !top->private_offset || !top->private_size )
+      goto Exit2;       /* no private DICT, do nothing */
+
    /* set defaults */
    FT_ZERO( priv );